ID

VAR-201311-0107


CVE

CVE-2013-4204


TITLE

Cross-site scripting vulnerability in the JUnit files of GWTTestCase in Google Web Toolkit

Trust: 0.8

sources: JVNDB: JVNDB-2013-005135

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in the JUnit files in the GWTTestCase in Google Web Toolkit (GWT) before 2.5.1 RC1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Google Web Toolkit 2.5.0 is vulnerable; other versions may also be affected.

Trust: 1.89

sources: NVD: CVE-2013-4204 // JVNDB: JVNDB-2013-005135 // BID: 61590

AFFECTED PRODUCTS

vendor: google // model: web toolkit // scope: eq // version: 2.2.0

Trust: 1.6

vendor: google // model: web toolkit // scope: eq // version: 2.4

Trust: 1.6

vendor: google // model: web toolkit // scope: eq // version: 2.4.0

Trust: 1.6

vendor: google // model: web toolkit // scope: eq // version: 2.5.0

Trust: 1.6

vendor: google // model: web toolkit // scope: eq // version: 2.4.5

Trust: 1.6

vendor: google // model: web toolkit // scope: eq // version: 2.1.0

Trust: 1.6

vendor: google // model: web toolkit // scope: eq // version: 2.3.0

Trust: 1.6

vendor: google // model: web toolkit // scope: eq // version: 1.7.1

Trust: 1.0

vendor: google // model: web toolkit // scope: lte // version: 2.5.0

Trust: 1.0

vendor: google // model: web toolkit // scope: eq // version: 1.6.4

Trust: 1.0

vendor: google // model: web toolkit // scope: eq // version: 1.7.0

Trust: 1.0

vendor: google // model: web toolkit // scope: eq // version: 2.0.1

Trust: 1.0

vendor: google // model: web toolkit // scope: eq // version: 2.0.4

Trust: 1.0

vendor: google // model: web toolkit // scope: eq // version: 1.5.2

Trust: 1.0

vendor: google // model: web toolkit // scope: eq // version: 2.1.1

Trust: 1.0

vendor: google // model: web toolkit // scope: eq // version: 1.4.60

Trust: 1.0

vendor: google // model: web toolkit // scope: eq // version: 1.5.0

Trust: 1.0

vendor: google // model: web toolkit // scope: eq // version: 1.6.2

Trust: 1.0

vendor: google // model: web toolkit // scope: eq // version: 1.5.3

Trust: 1.0

vendor: google // model: web toolkit // scope: eq // version: 2.0.3

Trust: 1.0

vendor: google // model: web toolkit // scope: eq // version: 2.0.2

Trust: 1.0

vendor: google // model: web toolkit // scope: eq // version: 1.5.1

Trust: 1.0

vendor: google // model: web toolkit // scope: eq // version: 2.0.0

Trust: 1.0

vendor: google // model: web toolkit // scope: eq // version: 1.6.3

Trust: 1.0

vendor: google // model: web toolkit // scope: lt // version: 2.5.1 rc1

Trust: 0.8

vendor: schneider electric // model: trio tview software // scope: eq // version: 3.27.0

Trust: 0.3

vendor: google // model: web toolkit // scope: eq // version: 2.5

Trust: 0.3

vendor: schneider electric // model: trio tview software // scope: ne // version: 3.29.0

Trust: 0.3

vendor: google // model: web toolkit // scope: ne // version: 2.5.1

Trust: 0.3

sources: BID: 61590 // JVNDB: JVNDB-2013-005135 // CNNVD: CNNVD-201308-049 // NVD: CVE-2013-4204

CVSS

SEVERITY

nvd@nist.gov: CVE-2013-4204
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-4204
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201308-049
value: MEDIUM

Trust: 0.6

CVSSV2

nvd@nist.gov: CVE-2013-4204
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CVSSV3

sources: JVNDB: JVNDB-2013-005135 // CNNVD: CNNVD-201308-049 // NVD: CVE-2013-4204

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2013-005135 // NVD: CVE-2013-4204

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201308-049

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201308-049

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005135

PATCH

title: Release Notes for 2.5.1 (RC1) // url: http://www.gwtproject.org/release-notes.html#Release_Notes_2_5_1_RC1

Trust: 0.8

title: gwt-2.5.1-rc1 // url: http://123.124.177.30/web/xxk/bdxqById.tag?id=46832

Trust: 0.6

sources: JVNDB: JVNDB-2013-005135 // CNNVD: CNNVD-201308-049

EXTERNAL IDS

db: NVD // id: CVE-2013-4204

Trust: 2.7

db: OPENWALL // id: OSS-SECURITY/2013/08/05/1

Trust: 2.4

db: OPENWALL // id: OSS-SECURITY/2013/08/05/3

Trust: 2.4

db: BID // id: 61590

Trust: 1.9

db: JVNDB // id: JVNDB-2013-005135

Trust: 0.8

db: CNNVD // id: CNNVD-201308-049

Trust: 0.6

db: ICS CERT // id: ICSA-17-213-02

Trust: 0.3

sources: BID: 61590 // JVNDB: JVNDB-2013-005135 // CNNVD: CNNVD-201308-049 // NVD: CVE-2013-4204

REFERENCES

url:http://www.openwall.com/lists/oss-security/2013/08/05/1

Trust: 2.4

url:http://www.openwall.com/lists/oss-security/2013/08/05/3

Trust: 2.4

url:http://www.gwtproject.org/release-notes.html#release_notes_2_5_1_rc1

Trust: 1.9

url:http://www.securityfocus.com/bid/61590

Trust: 1.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4204

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4204

Trust: 0.8

url:https://access.redhat.com/security/cve/cve-2013-4204

Trust: 0.6

url:https://bugzilla.redhat.com/show_bug.cgi?id=992911

Trust: 0.6

url:https://code.google.com/p/google-web-toolkit/source/detail?r=11385

Trust: 0.3

url:https://developers.google.com/web-toolkit/

Trust: 0.3

url:http://seclists.org/oss-sec/2013/q3/274

Trust: 0.3

url:https://ics-cert.us-cert.gov/advisories/icsa-17-213-02

Trust: 0.3

sources: BID: 61590 // JVNDB: JVNDB-2013-005135 // CNNVD: CNNVD-201308-049 // NVD: CVE-2013-4204

CREDITS

David Jorm

Trust: 0.9

sources: BID: 61590 // CNNVD: CNNVD-201308-049

SOURCES

db: BID // id: 61590
db: JVNDB // id: JVNDB-2013-005135
db: CNNVD // id: CNNVD-201308-049
db: NVD // id: CVE-2013-4204

LAST UPDATE DATE

2024-11-23T20:30:13.538000+00:00


SOURCES UPDATE DATE

db: BID // id: 61590 // date: 2017-08-22T14:12:00
db: JVNDB // id: JVNDB-2013-005135 // date: 2013-11-19T00:00:00
db: CNNVD // id: CNNVD-201308-049 // date: 2023-04-17T00:00:00
db: NVD // id: CVE-2013-4204 // date: 2024-11-21T01:55:07.480

SOURCES RELEASE DATE

db: BID // id: 61590 // date: 2013-08-04T00:00:00
db: JVNDB // id: JVNDB-2013-005135 // date: 2013-11-19T00:00:00
db: CNNVD // id: CNNVD-201308-049 // date: 2013-08-06T00:00:00
db: NVD // id: CVE-2013-4204 // date: 2013-11-18T02:55:07.627