Google Blogoscoped

Fix released to Google Web Toolkit XSS vulnerability

Juha-Matti Laurio [PersonRank 10]

Tuesday, December 18, 2007

A cross-site scripting type vulnerability has been fixed in a new version of Google Web Toolkit. Versions below 1.4.61 are affected by this issue.

According to a security advisory from Danish Secunia, the vulnerability exists in the Benchmark Reporting System of the toolkit.
Link to the advisory released today:
secunia.com/advisories/28122/

Technically the problem is in parameter handling:
From Secunia:
"Input passed via unspecified parameters to the benchmark reporting system is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site."

An official release notes document is available at
code.google.com/webtoolkit/rel ...
mentioning the target of the vulnerability too.

It appears that the current download URL is
code.google.com/webtoolkit/dow ...
