Lucene search

PRIOn knowledge basePRION:CVE-2010-2273

HistoryJun 15, 2010 - 2:30 p.m.

Cross site scripting

2010-06-1514:30:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

0.042 Low

EPSS

Percentile

92.3%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, and util/buildscripts/jslib/buildUtil.js, as demonstrated by the (1) dojoUrl and (2) testUrl parameters to util/doh/runner.html.

CPENameOperatorVersion
dojoeq1.2.1
dojoeq1.1
dojoeq1.3.2
dojoeq1.0.1
dojoeq1.2.3
dojoeq1.0
dojoeq1.3.1
dojoeq1.0.2
dojoeq1.1.1
dojoeq1.3

Name	Operator	Version
dojo	eq	1.2.1
dojo	eq	1.1
dojo	eq	1.3.2
dojo	eq	1.0.1
dojo	eq	1.2.3
dojo	eq	1.0
dojo	eq	1.3.1
dojo	eq	1.0.2
dojo	eq	1.1.1
dojo	eq	1.3

Rows per page:

1-10 of 141

References

bugs.dojotoolkit.org/ticket/10773

dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/

secunia.com/advisories/38964

secunia.com/advisories/40007

www-01.ibm.com/support/docview.wss?uid=swg21431472

www-1.ibm.com/support/docview.wss?uid=swg1LO50833

www-1.ibm.com/support/docview.wss?uid=swg1LO50849

www-1.ibm.com/support/docview.wss?uid=swg1LO50856

www-1.ibm.com/support/docview.wss?uid=swg1LO50896

www-1.ibm.com/support/docview.wss?uid=swg1LO50932

www-1.ibm.com/support/docview.wss?uid=swg1LO50958

www-1.ibm.com/support/docview.wss?uid=swg1LO50994

www.gdssecurity.com/l/b/2010/03/12/multiple-dom-based-xss-in-dojo-toolkit-sdk/

www.vupen.com/english/advisories/2010/1281