4.3
CVE-2010-2273
- EPSS 4.55%
- Veröffentlicht 15.06.2010 14:30:01
- Zuletzt bearbeitet 16.06.2026 23:20:26
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Multiple cross-site scripting (XSS) vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, and util/buildscripts/jslib/buildUtil.js, as demonstrated by the (1) dojoUrl and (2) testUrl parameters to util/doh/runner.html.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Dojotoolkit ≫ Dojo Version1.0
Dojotoolkit ≫ Dojo Version1.0.1
Dojotoolkit ≫ Dojo Version1.0.2
Dojotoolkit ≫ Dojo Version1.1
Dojotoolkit ≫ Dojo Version1.1.1
Dojotoolkit ≫ Dojo Version1.2
Dojotoolkit ≫ Dojo Version1.2.1
Dojotoolkit ≫ Dojo Version1.2.2
Dojotoolkit ≫ Dojo Version1.2.3
Dojotoolkit ≫ Dojo Version1.3
Dojotoolkit ≫ Dojo Version1.3.1
Dojotoolkit ≫ Dojo Version1.3.2
Dojotoolkit ≫ Dojo Version1.4
Dojotoolkit ≫ Dojo Version1.4.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.55% | 0.903 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/
http://secunia.com/advisories/38964
http://bugs.dojotoolkit.org/ticket/10773
http://secunia.com/advisories/40007
http://www-01.ibm.com/support/docview.wss?uid=swg21431472
http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833
http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849
http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856
http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896
http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932
http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958
http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994
http://www.gdssecurity.com/l/b/2010/03/12/multiple-dom-based-xss-in-dojo-toolkit-sdk/
http://www.vupen.com/english/advisories/2010/1281