CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
Confidence
Low
EPSS
Percentile
75.8%
Multiple open redirect vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, util/buildscripts/jslib/buildUtil.js, and util/doh/runner.html.
Vendor | Product | Version | CPE |
---|---|---|---|
org.dojotoolkit | dojo | * | cpe:2.3:a:org.dojotoolkit:dojo:*:*:*:*:*:*:*:* |
dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/
www-01.ibm.com/support/docview.wss?uid=swg21431472
www-1.ibm.com/support/docview.wss?uid=swg1LO50833
www-1.ibm.com/support/docview.wss?uid=swg1LO50849
www-1.ibm.com/support/docview.wss?uid=swg1LO50856
www-1.ibm.com/support/docview.wss?uid=swg1LO50896
www-1.ibm.com/support/docview.wss?uid=swg1LO50932
www-1.ibm.com/support/docview.wss?uid=swg1LO50958
www-1.ibm.com/support/docview.wss?uid=swg1LO50994
github.com/advisories/GHSA-mmjh-45vj-hfvf
nvd.nist.gov/vuln/detail/CVE-2010-2274
web.archive.org/web/20100617172214/secunia.com/advisories/40007
web.archive.org/web/20100629020444/secunia.com/advisories/38964