A Dojo ToolKit vulnerability affecting versions of Dojo prior to 1.2 was addressed by IBM Social Media Analytics. An upgrade to Dojo 1.8 was performed.
CVEID: CVE-2015-5654**
DESCRIPTION:** Dojo Toolkit is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability in a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base Score: 6.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107041 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
IBM Social Media Analytics 1.3
The recommended solution is to apply the following interim fix:
IBM Social Media Analytics 1.3.0 IF17
For users of IBM Social Media Analytics 1.2 IBM recommends upgrading to IBM Social Media Analytics 1.3.
None known. Apply fixes.
CPE | Name | Operator | Version |
---|---|---|---|
social media analytics | eq | 1.3 |