Lucene search
GoogleOSV:GHSA-VMQ9-CM7M-4P8PHistoryMay 14, 2022 - 2:01 a.m.
Improper Neutralization of Input During Web Page Generation in Dojo Dojo Objective Harness
2022-05-1402:01:21
Google
osv.dev
15
xss
dojo dojo objective harness
version prior to 1.14
browser exploitation
malware delivery
cookie theft
cors bypass
EPSS
0.001
Percentile
36.2%
Dojo Dojo Objective Harness (DOH) version prior to version 1.14 contains a Cross Site Scripting (XSS) vulnerability in unit.html and testsDOH/_base/loader/i18n-exhaustive/i18n-test/unit.html and testsDOH/_base/i18nExhaustive.js in the DOH that can result in Victim attacked through their browser - deliver malware, steal HTTP cookies, bypass CORS trust. This attack appear to be exploitable via Victims are typically lured to a web site under the attacker’s control; the XSS vulnerability on the target domain is silently exploited without the victim’s knowledge. This vulnerability appears to have been fixed in 1.14.
Related
redhatcve
redhatcve
CVE-2018-1000665
2018-09-06 21:19:01
nvd
nvd
CVE-2018-1000665
2018-09-06 17:29:01
ubuntucve
ubuntucve
CVE-2018-1000665
2018-09-06 00:00:00
osv
osv
CVE-2018-1000665
2018-09-06 17:29:01
debiancve
debiancve
CVE-2018-1000665
2018-09-06 17:29:01
veracode
veracode
Cross-Site Scripting (XSS)
2018-09-24 05:46:32
prion
prion
Cross site scripting
2018-09-06 17:29:00
cvelist
cvelist
CVE-2018-1000665
2018-09-06 17:00:00
github
github
cve
cve
CVE-2018-1000665
2018-09-06 17:29:01
