992911 – (CVE-2013-4204) CVE-2013-4204 GWT: reflected XSS in HTML files used by GWTTestCase

Bug 992911 (CVE-2013-4204) - CVE-2013-4204 GWT: reflected XSS in HTML files used by GWTTestCase

Summary: CVE-2013-4204 GWT: reflected XSS in HTML files used by GWTTestCase

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2013-4204
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-08-05 07:46 UTC by David Jorm
Modified:	2021-02-17 07:27 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-08-06 02:45:47 UTC
Embargoed:

Attachments	(Terms of Use)

Description David Jorm 2013-08-05 07:46:03 UTC

A reflected cross-site scripting (XSS) flaw was found in HTML files used by GWTTestCase, a part of Google Web Toolkit (GWT) < 2.5.1. This flaw is only exposed by GWT applications that depend on the JUnit module, and include the vulnerable HTML files.

Upstream Patch:
https://code.google.com/p/google-web-toolkit/source/detail?r=11385

External References:
http://www.gwtproject.org/release-notes.html#Release_Notes_2_5_1_RC1

Comment 1 David Jorm 2013-08-06 02:45:47 UTC

Statement:

This flaw does not affect Google Web Toolkit (GWT) as shipped with any Red Hat products. Red Hat products either do not include GWT applications that depend on the JUnit module, or do not include a vulnerable version of GWT.

Note You need to log in before you can comment on or make changes to this bug.