4.3

CVE-2010-2274

Multiple open redirect vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, util/buildscripts/jslib/buildUtil.js, and util/doh/runner.html.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DojotoolkitDojo Version1.0
DojotoolkitDojo Version1.0.1
DojotoolkitDojo Version1.0.2
DojotoolkitDojo Version1.1
DojotoolkitDojo Version1.1.1
DojotoolkitDojo Version1.2
DojotoolkitDojo Version1.2.1
DojotoolkitDojo Version1.2.2
DojotoolkitDojo Version1.2.3
DojotoolkitDojo Version1.3
DojotoolkitDojo Version1.3.1
DojotoolkitDojo Version1.3.2
DojotoolkitDojo Version1.4
DojotoolkitDojo Version1.4.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.89% 0.769
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/
Patch
Vendor Advisory
http://secunia.com/advisories/38964
Vendor Advisory
http://secunia.com/advisories/40007
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21431472
http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833
http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849
http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856
http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896
http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932
http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958
http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994
http://www.vupen.com/english/advisories/2010/1281
Vendor Advisory