Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-xv7r-9vq4-9wrq: Project Wonder WebObjects vulnerable to Arbitrary HTTP Header Injection and Cross-site Scripting

Project Wonder WebObjects 1.0 through 5.4.3 is vulnerable to Arbitrary HTTP Header injection and URL- or Header-based XSS reflection in all web-server adaptor interfaces. A patch for this issue is available at commit number b0d2d74f13203268ea254b02552600850f28014b.

ghsa
#xss#web#git

Project Wonder WebObjects vulnerable to Arbitrary HTTP Header Injection and Cross-site Scripting

Moderate severity GitHub Reviewed Published Sep 15, 2022 • Updated Sep 16, 2022

Related news

CVE-2022-37724: WO Adaptor URL Sanitization Fixes by NotsoanoNimus · Pull Request #992 · wocommunity/wonder

Project Wonder WebObjects 1.0 through 5.4.3 is vulnerable to Arbitrary HTTP Header injection and URL- or Header-based XSS reflection in all web-server adaptor interfaces.