Emweb Wt before 3.1.1 does not validate the UTF-8 encoding of (1) form values and (2) JSignal arguments, which has unspecified impact and remote attack vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| emweb | wt | 2.0.4a |
| emweb | wt | 2.1.5 |
| emweb | wt | 3.0.0 |
| emweb | wt | 2.2.3 |
| emweb | wt | 2.0.5 |
| emweb | wt | * |
| emweb | wt | 2.1.2 |
| emweb | wt | 2.1.0 |
| emweb | wt | 2.2.0 |
| emweb | wt | 2.99.1 |
| emweb | wt | 2.99.3 |
| emweb | wt | 2.1.4 |
| emweb | wt | 2.0.4 |
| emweb | wt | 1.1.6 |
| emweb | wt | 2.2.1 |
| emweb | wt | 2.99.5 |
| emweb | wt | 2.0.1 |
| emweb | wt | 1.1.4 |
| emweb | wt | 2.99.0 |
| emweb | wt | 1.1.7 |
| emweb | wt | 2.1.1 |
| emweb | wt | 2.99.4 |
| emweb | wt | 2.1.3 |
| emweb | wt | 2.2.2 |
| emweb | wt | 2.99.2 |
| emweb | wt | 1.1.5 |
| emweb | wt | 2.0.0 |