[CLOSE] OSVDB ID : 39232 - Disclosed: 2007-12-18

Description:

Google Web Toolkit contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate unspecified variables upon submission to the Benchmark Reporting System. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 38049 - Disclosed: 2007-07-10

Description:

Flash Player 9.0.45.0 and earlier allow an attacker to manipulate HTTP referrer headers by way of ActionScript. This allows an attacker to spoof the origin of a request and bypass common filters to prevent CSRF. An attacker could leverage this for to issue a CSRF from outside of the target's domain.

[CLOSE] OSVDB ID : 36079 - Disclosed: 2007-06-14

Description:

Apache Tomcat contains a flaw that allows a remote cross site scripting attack. This flaw exists because the Manager and Host Manager applications do not validate the filename of files uploaded via the /manager/html/upload utility. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.