Lucene search

PRIOn knowledge basePRION:CVE-2010-2275

HistoryJun 15, 2010 - 2:30 p.m.

Cross site scripting

2010-06-1514:30:00

PRIOn knowledge base

www.prio-n.com

6 Medium

AI Score

Confidence

High

0.04 Low

EPSS

Percentile

92.1%

JSON

Cross-site scripting (XSS) vulnerability in dijit/tests/_testCommon.js in Dojo Toolkit SDK before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the theme parameter, as demonstrated by an attack against dijit/tests/form/test_Button.html.

CPENameOperatorVersion
dojoeq1.2.1
dojoeq1.1
dojoeq0.4.3
dojole1.4.1
dojoeq0.3.1
dojoeq0.2.2
dojoeq1.3.2
dojoeq0.3.0
dojoeq0.9.0 beta
dojoeq0.4.0

Name	Operator	Version
dojo	eq	1.2.1
dojo	eq	1.1
dojo	eq	0.4.3
dojo	le	1.4.1
dojo	eq	0.3.1
dojo	eq	0.2.2
dojo	eq	1.3.2
dojo	eq	0.3.0
dojo	eq	0.9.0 beta
dojo	eq	0.4.0

Rows per page:

1-10 of 261

References

bugs.dojotoolkit.org/ticket/10773

secunia.com/advisories/38964

secunia.com/advisories/40007

www-01.ibm.com/support/docview.wss?uid=swg21431472

www-1.ibm.com/support/docview.wss?uid=swg1LO50833

www-1.ibm.com/support/docview.wss?uid=swg1LO50849

www-1.ibm.com/support/docview.wss?uid=swg1LO50856

www-1.ibm.com/support/docview.wss?uid=swg1LO50896

www-1.ibm.com/support/docview.wss?uid=swg1LO50932

www-1.ibm.com/support/docview.wss?uid=swg1LO50958

www-1.ibm.com/support/docview.wss?uid=swg1LO50994

www.gdssecurity.com/l/b/2010/03/12/multiple-dom-based-xss-in-dojo-toolkit-sdk/

www.vupen.com/english/advisories/2010/1281