We found results for “”
WS-2013-0004
Good to know:
Date: June 27, 2013
The "methodOverride" let the http post to override the method of the request with the value of the post key or with the header, which allows XSS attack.
Language: Java
Severity Score
Severity Score
Weakness Type (CWE)
Cross-Site Scripting (XSS)
CWE-79Top Fix
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | REQUIRED |
Scope (S): | CHANGED |
Confidentiality (C): | LOW |
Integrity (I): | LOW |
Availability (A): | NONE |