Back to search
CVE-2007-2377
Published: Apr 30, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
The Getahead Direct Web Remoting (DWR) framework 1.1.4 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
43322
vdb-entry
x_refsource_OSVDB
SUSE-SR:2009:004
vendor-advisory
x_refsource_SUSE
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now