A reflected cross-site scripting (XSS) flaw was found in HTML files used by GWTTestCase, a part of Google Web Toolkit (GWT) < 2.5.1. This flaw is only exposed by GWT applications that depend on the JUnit module, and include the vulnerable HTML files. Upstream Patch: https://code.google.com/p/google-web-toolkit/source/detail?r=11385 External References: http://www.gwtproject.org/release-notes.html#Release_Notes_2_5_1_RC1
Statement: This flaw does not affect Google Web Toolkit (GWT) as shipped with any Red Hat products. Red Hat products either do not include GWT applications that depend on the JUnit module, or do not include a vulnerable version of GWT.