Project Wonder WebObjects vulnerable to Arbitrary HTTP Header Injection and Cross-site Scripting
Moderate severity
GitHub Reviewed
Published
Sep 15, 2022
to the GitHub Advisory Database
•
Updated Jan 29, 2023
Description
Published by the National Vulnerability Database
Sep 14, 2022
Published to the GitHub Advisory Database
Sep 15, 2022
Reviewed
Sep 16, 2022
Last updated
Jan 29, 2023
Project Wonder WebObjects 1.0 through 7.3 is vulnerable to Arbitrary HTTP Header injection and URL- or Header-based XSS reflection in all web-server adaptor interfaces. A patch for this issue is available at commit number b0d2d74f13203268ea254b02552600850f28014b.
References