GHSA-xv7r-9vq4-9wrq, CVE-2022-37724
maven/wonder/wonder
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Project Wonder WebObjects 1.0 through 5.4.3 is vulnerable to Arbitrary HTTP Header injection and URL- or Header-based XSS reflection in all web-server adaptor interfaces.
All versions starting from 1.0 up to 5.4.3
Unfortunately, there is no solution available yet.
2022-09-19
source |