All the vulnerabilities related to dojotoolkit - dojo
cve-2010-2276
Vulnerability from cvelistv5
Published
2010-06-14 19:00
Modified
2024-09-17 00:16
Severity ?
Summary
The default configuration of the build process in Dojo 0.4.x before 0.4.4, 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 has the copyTests=true and mini=false options, which makes it easier for remote attackers to have an unspecified impact via a request to a (1) test or (2) demo component.
References
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:25:07.674Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2010-1281",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1281"
          },
          {
            "name": "LO50849",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849"
          },
          {
            "name": "LO50932",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932"
          },
          {
            "name": "LO50994",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994"
          },
          {
            "name": "LO50833",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833"
          },
          {
            "name": "38964",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38964"
          },
          {
            "name": "LO50958",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958"
          },
          {
            "name": "LO50856",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/"
          },
          {
            "name": "LO50896",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896"
          },
          {
            "name": "40007",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40007"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21431472"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The default configuration of the build process in Dojo 0.4.x before 0.4.4, 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 has the copyTests=true and mini=false options, which makes it easier for remote attackers to have an unspecified impact via a request to a (1) test or (2) demo component."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-06-14T19:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2010-1281",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1281"
        },
        {
          "name": "LO50849",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849"
        },
        {
          "name": "LO50932",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932"
        },
        {
          "name": "LO50994",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994"
        },
        {
          "name": "LO50833",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833"
        },
        {
          "name": "38964",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38964"
        },
        {
          "name": "LO50958",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958"
        },
        {
          "name": "LO50856",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/"
        },
        {
          "name": "LO50896",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896"
        },
        {
          "name": "40007",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40007"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21431472"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-2276",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The default configuration of the build process in Dojo 0.4.x before 0.4.4, 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 has the copyTests=true and mini=false options, which makes it easier for remote attackers to have an unspecified impact via a request to a (1) test or (2) demo component."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2010-1281",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/1281"
            },
            {
              "name": "LO50849",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849"
            },
            {
              "name": "LO50932",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932"
            },
            {
              "name": "LO50994",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994"
            },
            {
              "name": "LO50833",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833"
            },
            {
              "name": "38964",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38964"
            },
            {
              "name": "LO50958",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958"
            },
            {
              "name": "LO50856",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856"
            },
            {
              "name": "http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/",
              "refsource": "CONFIRM",
              "url": "http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/"
            },
            {
              "name": "LO50896",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896"
            },
            {
              "name": "40007",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/40007"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21431472",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21431472"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-2276",
    "datePublished": "2010-06-14T19:00:00Z",
    "dateReserved": "2010-06-14T00:00:00Z",
    "dateUpdated": "2024-09-17T00:16:42.080Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-2273
Vulnerability from cvelistv5
Published
2010-06-14 19:00
Modified
2024-09-16 16:28
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, and util/buildscripts/jslib/buildUtil.js, as demonstrated by the (1) dojoUrl and (2) testUrl parameters to util/doh/runner.html.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:25:07.646Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2010-1281",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1281"
          },
          {
            "name": "LO50849",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849"
          },
          {
            "name": "LO50932",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.dojotoolkit.org/ticket/10773"
          },
          {
            "name": "LO50994",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994"
          },
          {
            "name": "LO50833",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833"
          },
          {
            "name": "38964",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38964"
          },
          {
            "name": "LO50958",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958"
          },
          {
            "name": "LO50856",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/"
          },
          {
            "name": "LO50896",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896"
          },
          {
            "name": "40007",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40007"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.gdssecurity.com/l/b/2010/03/12/multiple-dom-based-xss-in-dojo-toolkit-sdk/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21431472"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, and util/buildscripts/jslib/buildUtil.js, as demonstrated by the (1) dojoUrl and (2) testUrl parameters to util/doh/runner.html."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-06-14T19:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2010-1281",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1281"
        },
        {
          "name": "LO50849",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849"
        },
        {
          "name": "LO50932",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.dojotoolkit.org/ticket/10773"
        },
        {
          "name": "LO50994",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994"
        },
        {
          "name": "LO50833",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833"
        },
        {
          "name": "38964",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38964"
        },
        {
          "name": "LO50958",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958"
        },
        {
          "name": "LO50856",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/"
        },
        {
          "name": "LO50896",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896"
        },
        {
          "name": "40007",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40007"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.gdssecurity.com/l/b/2010/03/12/multiple-dom-based-xss-in-dojo-toolkit-sdk/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21431472"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-2273",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, and util/buildscripts/jslib/buildUtil.js, as demonstrated by the (1) dojoUrl and (2) testUrl parameters to util/doh/runner.html."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2010-1281",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/1281"
            },
            {
              "name": "LO50849",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849"
            },
            {
              "name": "LO50932",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932"
            },
            {
              "name": "http://bugs.dojotoolkit.org/ticket/10773",
              "refsource": "CONFIRM",
              "url": "http://bugs.dojotoolkit.org/ticket/10773"
            },
            {
              "name": "LO50994",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994"
            },
            {
              "name": "LO50833",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833"
            },
            {
              "name": "38964",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38964"
            },
            {
              "name": "LO50958",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958"
            },
            {
              "name": "LO50856",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856"
            },
            {
              "name": "http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/",
              "refsource": "CONFIRM",
              "url": "http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/"
            },
            {
              "name": "LO50896",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896"
            },
            {
              "name": "40007",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/40007"
            },
            {
              "name": "http://www.gdssecurity.com/l/b/2010/03/12/multiple-dom-based-xss-in-dojo-toolkit-sdk/",
              "refsource": "MISC",
              "url": "http://www.gdssecurity.com/l/b/2010/03/12/multiple-dom-based-xss-in-dojo-toolkit-sdk/"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21431472",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21431472"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-2273",
    "datePublished": "2010-06-14T19:00:00Z",
    "dateReserved": "2010-06-14T00:00:00Z",
    "dateUpdated": "2024-09-16T16:28:07.132Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-5654
Vulnerability from cvelistv5
Published
2015-10-11 01:00
Modified
2024-08-06 06:59
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Dojo Toolkit before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
http://www.securityfocus.com/bid/77026 (vdb-entry, x_refsource_BID)
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000153 (third-party-advisory, x_refsource_JVNDB)
http://jvn.jp/en/jp/JVN13456571/index.html (third-party-advisory, x_refsource_JVN)
http://www-01.ibm.com/support/docview.wss?uid=swg21975256 (x_refsource_CONFIRM)
http://www.securitytracker.com/id/1034848 (vdb-entry, x_refsource_SECTRACK)
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:59:03.704Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "77026",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/77026"
          },
          {
            "name": "JVNDB-2015-000153",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVNDB",
              "x_transferred"
            ],
            "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000153"
          },
          {
            "name": "JVN#13456571",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN13456571/index.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975256"
          },
          {
            "name": "1034848",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034848"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-10-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Dojo Toolkit before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-02T20:57:01",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "name": "77026",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/77026"
        },
        {
          "name": "JVNDB-2015-000153",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVNDB"
          ],
          "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000153"
        },
        {
          "name": "JVN#13456571",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN13456571/index.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975256"
        },
        {
          "name": "1034848",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034848"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2015-5654",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Dojo Toolkit before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "77026",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/77026"
            },
            {
              "name": "JVNDB-2015-000153",
              "refsource": "JVNDB",
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000153"
            },
            {
              "name": "JVN#13456571",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN13456571/index.html"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21975256",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975256"
            },
            {
              "name": "1034848",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034848"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2015-5654",
    "datePublished": "2015-10-11T01:00:00",
    "dateReserved": "2015-07-24T00:00:00",
    "dateUpdated": "2024-08-06T06:59:03.704Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-2272
Vulnerability from cvelistv5
Published
2010-06-14 19:00
Modified
2024-09-17 01:16
Severity ?
Summary
Unspecified vulnerability in iframe_history.html in Dojo 0.4.x before 0.4.4 has unknown impact and remote attack vectors.
References
http://secunia.com/advisories/38964 (third-party-advisory, x_refsource_SECUNIA)
http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/ (x_refsource_CONFIRM)
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:25:07.671Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "38964",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38964"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in iframe_history.html in Dojo 0.4.x before 0.4.4 has unknown impact and remote attack vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-06-14T19:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "38964",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38964"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-2272",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in iframe_history.html in Dojo 0.4.x before 0.4.4 has unknown impact and remote attack vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "38964",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38964"
            },
            {
              "name": "http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/",
              "refsource": "CONFIRM",
              "url": "http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-2272",
    "datePublished": "2010-06-14T19:00:00Z",
    "dateReserved": "2010-06-14T00:00:00Z",
    "dateUpdated": "2024-09-17T01:16:18.247Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-2275
Vulnerability from cvelistv5
Published
2010-06-14 19:00
Modified
2024-09-16 17:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in dijit/tests/_testCommon.js in Dojo Toolkit SDK before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the theme parameter, as demonstrated by an attack against dijit/tests/form/test_Button.html.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:25:07.773Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2010-1281",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1281"
          },
          {
            "name": "LO50849",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849"
          },
          {
            "name": "LO50932",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.dojotoolkit.org/ticket/10773"
          },
          {
            "name": "LO50994",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994"
          },
          {
            "name": "LO50833",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833"
          },
          {
            "name": "38964",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38964"
          },
          {
            "name": "LO50958",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958"
          },
          {
            "name": "LO50856",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856"
          },
          {
            "name": "LO50896",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896"
          },
          {
            "name": "40007",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40007"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.gdssecurity.com/l/b/2010/03/12/multiple-dom-based-xss-in-dojo-toolkit-sdk/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21431472"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in dijit/tests/_testCommon.js in Dojo Toolkit SDK before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the theme parameter, as demonstrated by an attack against dijit/tests/form/test_Button.html."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-06-14T19:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2010-1281",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1281"
        },
        {
          "name": "LO50849",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849"
        },
        {
          "name": "LO50932",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.dojotoolkit.org/ticket/10773"
        },
        {
          "name": "LO50994",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994"
        },
        {
          "name": "LO50833",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833"
        },
        {
          "name": "38964",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38964"
        },
        {
          "name": "LO50958",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958"
        },
        {
          "name": "LO50856",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856"
        },
        {
          "name": "LO50896",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896"
        },
        {
          "name": "40007",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40007"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.gdssecurity.com/l/b/2010/03/12/multiple-dom-based-xss-in-dojo-toolkit-sdk/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21431472"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-2275",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in dijit/tests/_testCommon.js in Dojo Toolkit SDK before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the theme parameter, as demonstrated by an attack against dijit/tests/form/test_Button.html."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2010-1281",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/1281"
            },
            {
              "name": "LO50849",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849"
            },
            {
              "name": "LO50932",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932"
            },
            {
              "name": "http://bugs.dojotoolkit.org/ticket/10773",
              "refsource": "CONFIRM",
              "url": "http://bugs.dojotoolkit.org/ticket/10773"
            },
            {
              "name": "LO50994",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994"
            },
            {
              "name": "LO50833",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833"
            },
            {
              "name": "38964",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38964"
            },
            {
              "name": "LO50958",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958"
            },
            {
              "name": "LO50856",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856"
            },
            {
              "name": "LO50896",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896"
            },
            {
              "name": "40007",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/40007"
            },
            {
              "name": "http://www.gdssecurity.com/l/b/2010/03/12/multiple-dom-based-xss-in-dojo-toolkit-sdk/",
              "refsource": "MISC",
              "url": "http://www.gdssecurity.com/l/b/2010/03/12/multiple-dom-based-xss-in-dojo-toolkit-sdk/"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21431472",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21431472"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-2275",
    "datePublished": "2010-06-14T19:00:00Z",
    "dateReserved": "2010-06-14T00:00:00Z",
    "dateUpdated": "2024-09-16T17:03:04.635Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-1000665
Vulnerability from cvelistv5
Published
2018-09-06 17:00
Modified
2024-09-17 01:00
Severity ?
Summary
Dojo's Dojo Objective Harness (DOH), in versions prior to 1.14, contains a cross-site scripting (XSS) vulnerability in unit.html, testsDOH/_base/loader/i18n-exhaustive/i18n-test/unit.html and testsDOH/_base/i18nExhaustive.js in the DOH that can result in a victim being attacked through their browser (malware delivery, HTTP cookie theft, bypass of CORS trust). The attack appears to be exploitable when a victim is lured to a web site under the attacker's control; the XSS vulnerability on the target domain is then exploited silently, without the victim's knowledge. This vulnerability appears to have been fixed in 1.14.
References
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T12:40:47.933Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://dojotoolkit.org/blog/dojo-1-14-released"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/dojo/dojo/pull/307"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2018-09-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Dojo Dojo Objective Harness (DOH) version prior to version 1.14 contains a Cross Site Scripting (XSS) vulnerability in unit.html and testsDOH/_base/loader/i18n-exhaustive/i18n-test/unit.html and testsDOH/_base/i18nExhaustive.js in the DOH that can result in Victim attacked through their browser - deliver malware, steal HTTP cookies, bypass CORS trust. This attack appear to be exploitable via Victims are typically lured to a web site under the attacker\u0027s control; the XSS vulnerability on the target domain is silently exploited without the victim\u0027s knowledge. This vulnerability appears to have been fixed in 1.14."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-09-06T17:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://dojotoolkit.org/blog/dojo-1-14-released"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/dojo/dojo/pull/307"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2018-09-03T16:07:16.974886",
          "DATE_REQUESTED": "2018-08-22T22:28:15",
          "ID": "CVE-2018-1000665",
          "REQUESTER": "setenforce1@gmail.com",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Dojo Dojo Objective Harness (DOH) version prior to version 1.14 contains a Cross Site Scripting (XSS) vulnerability in unit.html and testsDOH/_base/loader/i18n-exhaustive/i18n-test/unit.html and testsDOH/_base/i18nExhaustive.js in the DOH that can result in Victim attacked through their browser - deliver malware, steal HTTP cookies, bypass CORS trust. This attack appear to be exploitable via Victims are typically lured to a web site under the attacker\u0027s control; the XSS vulnerability on the target domain is silently exploited without the victim\u0027s knowledge. This vulnerability appears to have been fixed in 1.14."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://dojotoolkit.org/blog/dojo-1-14-released",
              "refsource": "CONFIRM",
              "url": "https://dojotoolkit.org/blog/dojo-1-14-released"
            },
            {
              "name": "https://github.com/dojo/dojo/pull/307",
              "refsource": "CONFIRM",
              "url": "https://github.com/dojo/dojo/pull/307"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-1000665",
    "datePublished": "2018-09-06T17:00:00Z",
    "dateReserved": "2018-09-06T00:00:00Z",
    "dateUpdated": "2024-09-17T01:00:37.528Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-6561
Vulnerability from cvelistv5
Published
2018-02-02 15:00
Modified
2024-09-16 23:41
Severity ?
Summary
dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:10:10.199Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/imsebao/404team/blob/master/dijit_editor_xss.md"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-02T15:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/imsebao/404team/blob/master/dijit_editor_xss.md"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-6561",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/imsebao/404team/blob/master/dijit_editor_xss.md",
              "refsource": "MISC",
              "url": "https://github.com/imsebao/404team/blob/master/dijit_editor_xss.md"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-6561",
    "datePublished": "2018-02-02T15:00:00Z",
    "dateReserved": "2018-02-02T00:00:00Z",
    "dateUpdated": "2024-09-16T23:41:05.323Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-15494
Vulnerability from cvelistv5
Published
2018-08-18 02:00
Modified
2024-08-05 09:54
Severity ?
Summary
In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T09:54:03.539Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://dojotoolkit.org/blog/dojo-1-14-released"
          },
          {
            "name": "[debian-lts-announce] 20180903 [SECURITY] [DLA 1492-1] dojo security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00002.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/dojo/dojox/pull/283"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-08-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-09-03T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://dojotoolkit.org/blog/dojo-1-14-released"
        },
        {
          "name": "[debian-lts-announce] 20180903 [SECURITY] [DLA 1492-1] dojo security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00002.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/dojo/dojox/pull/283"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-15494",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://dojotoolkit.org/blog/dojo-1-14-released",
              "refsource": "MISC",
              "url": "https://dojotoolkit.org/blog/dojo-1-14-released"
            },
            {
              "name": "[debian-lts-announce] 20180903 [SECURITY] [DLA 1492-1] dojo security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00002.html"
            },
            {
              "name": "https://github.com/dojo/dojox/pull/283",
              "refsource": "MISC",
              "url": "https://github.com/dojo/dojox/pull/283"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-15494",
    "datePublished": "2018-08-18T02:00:00",
    "dateReserved": "2018-08-17T00:00:00",
    "dateUpdated": "2024-08-05T09:54:03.539Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-6726
Vulnerability from cvelistv5
Published
2009-04-09 15:00
Modified
2024-08-07 16:18
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:18:20.528Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.dojotoolkit.org/releaseNotes/0.4.3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.dojotoolkit.org/2007/05/26/0-4-3-released-0-4-2-and-0-4-1-users-should-upgrade-immediately"
          },
          {
            "name": "dojo-xipclient-xipserver-xss(49884)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49884"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.apache.org/struts/browse/WW-2134"
          },
          {
            "name": "34660",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34660"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.dojotoolkit.org/0-4-3-and-updated-0-4-1-0-4-2-builds"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-05-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.dojotoolkit.org/releaseNotes/0.4.3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.dojotoolkit.org/2007/05/26/0-4-3-released-0-4-2-and-0-4-1-users-should-upgrade-immediately"
        },
        {
          "name": "dojo-xipclient-xipserver-xss(49884)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49884"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.apache.org/struts/browse/WW-2134"
        },
        {
          "name": "34660",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34660"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.dojotoolkit.org/0-4-3-and-updated-0-4-1-0-4-2-builds"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-6726",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.dojotoolkit.org/releaseNotes/0.4.3",
              "refsource": "CONFIRM",
              "url": "http://www.dojotoolkit.org/releaseNotes/0.4.3"
            },
            {
              "name": "http://www.dojotoolkit.org/2007/05/26/0-4-3-released-0-4-2-and-0-4-1-users-should-upgrade-immediately",
              "refsource": "CONFIRM",
              "url": "http://www.dojotoolkit.org/2007/05/26/0-4-3-released-0-4-2-and-0-4-1-users-should-upgrade-immediately"
            },
            {
              "name": "dojo-xipclient-xipserver-xss(49884)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49884"
            },
            {
              "name": "https://issues.apache.org/struts/browse/WW-2134",
              "refsource": "CONFIRM",
              "url": "https://issues.apache.org/struts/browse/WW-2134"
            },
            {
              "name": "34660",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/34660"
            },
            {
              "name": "http://www.dojotoolkit.org/0-4-3-and-updated-0-4-1-0-4-2-builds",
              "refsource": "CONFIRM",
              "url": "http://www.dojotoolkit.org/0-4-3-and-updated-0-4-1-0-4-2-builds"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-6726",
    "datePublished": "2009-04-09T15:00:00",
    "dateReserved": "2009-04-09T00:00:00",
    "dateUpdated": "2024-08-07T16:18:20.528Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-6681
Vulnerability from cvelistv5
Published
2009-04-09 15:00
Modified
2024-08-07 11:42
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in dijit.Editor in Dojo before 1.1 allows remote attackers to inject arbitrary web script or HTML via XML entities in a TEXTAREA element.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T11:42:00.160Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "dojo-dijiteditor-xss(49883)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49883"
          },
          {
            "name": "34661",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34661"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.dojotoolkit.org/book/dojo-1-1-release-notes"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://trac.dojotoolkit.org/ticket/2140"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-02-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in dijit.Editor in Dojo before 1.1 allows remote attackers to inject arbitrary web script or HTML via XML entities in a TEXTAREA element."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "dojo-dijiteditor-xss(49883)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49883"
        },
        {
          "name": "34661",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34661"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.dojotoolkit.org/book/dojo-1-1-release-notes"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://trac.dojotoolkit.org/ticket/2140"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-6681",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in dijit.Editor in Dojo before 1.1 allows remote attackers to inject arbitrary web script or HTML via XML entities in a TEXTAREA element."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "dojo-dijiteditor-xss(49883)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49883"
            },
            {
              "name": "34661",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/34661"
            },
            {
              "name": "http://www.dojotoolkit.org/book/dojo-1-1-release-notes",
              "refsource": "CONFIRM",
              "url": "http://www.dojotoolkit.org/book/dojo-1-1-release-notes"
            },
            {
              "name": "http://trac.dojotoolkit.org/ticket/2140",
              "refsource": "MISC",
              "url": "http://trac.dojotoolkit.org/ticket/2140"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-6681",
    "datePublished": "2009-04-09T15:00:00",
    "dateReserved": "2009-04-09T00:00:00",
    "dateUpdated": "2024-08-07T11:42:00.160Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-2274
Vulnerability from cvelistv5
Published
2010-06-14 19:00
Modified
2024-09-17 00:51
Severity ?
Summary
Multiple open redirect vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, util/buildscripts/jslib/buildUtil.js, and util/doh/runner.html.
References
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:25:07.653Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2010-1281",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1281"
          },
          {
            "name": "LO50849",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849"
          },
          {
            "name": "LO50932",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932"
          },
          {
            "name": "LO50994",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994"
          },
          {
            "name": "LO50833",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833"
          },
          {
            "name": "38964",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38964"
          },
          {
            "name": "LO50958",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958"
          },
          {
            "name": "LO50856",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/"
          },
          {
            "name": "LO50896",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896"
          },
          {
            "name": "40007",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40007"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21431472"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple open redirect vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, util/buildscripts/jslib/buildUtil.js, and util/doh/runner.html."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-06-14T19:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2010-1281",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1281"
        },
        {
          "name": "LO50849",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849"
        },
        {
          "name": "LO50932",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932"
        },
        {
          "name": "LO50994",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994"
        },
        {
          "name": "LO50833",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833"
        },
        {
          "name": "38964",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38964"
        },
        {
          "name": "LO50958",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958"
        },
        {
          "name": "LO50856",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/"
        },
        {
          "name": "LO50896",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896"
        },
        {
          "name": "40007",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40007"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21431472"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-2274",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple open redirect vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, util/buildscripts/jslib/buildUtil.js, and util/doh/runner.html."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2010-1281",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/1281"
            },
            {
              "name": "LO50849",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849"
            },
            {
              "name": "LO50932",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932"
            },
            {
              "name": "LO50994",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994"
            },
            {
              "name": "LO50833",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833"
            },
            {
              "name": "38964",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38964"
            },
            {
              "name": "LO50958",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958"
            },
            {
              "name": "LO50856",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856"
            },
            {
              "name": "http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/",
              "refsource": "CONFIRM",
              "url": "http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/"
            },
            {
              "name": "LO50896",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896"
            },
            {
              "name": "40007",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/40007"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21431472",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21431472"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-2274",
    "datePublished": "2010-06-14T19:00:00Z",
    "dateReserved": "2010-06-14T00:00:00Z",
    "dateUpdated": "2024-09-17T00:51:43.125Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2010-06-15 14:30
Modified
2024-11-21 01:16
Severity ?
Summary
Multiple open redirect vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, util/buildscripts/jslib/buildUtil.js, and util/doh/runner.html.
References
cve@mitre.org | http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/ | Patch, Vendor Advisory
cve@mitre.org | http://secunia.com/advisories/38964 | Vendor Advisory
cve@mitre.org | http://secunia.com/advisories/40007 | Vendor Advisory
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21431472
cve@mitre.org | http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833
cve@mitre.org | http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849
cve@mitre.org | http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856
cve@mitre.org | http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896
cve@mitre.org | http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932
cve@mitre.org | http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958
cve@mitre.org | http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994
cve@mitre.org | http://www.vupen.com/english/advisories/2010/1281 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/ | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/38964 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/40007 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21431472
af854a3a-2127-422b-91ae-364da2661108 | http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833
af854a3a-2127-422b-91ae-364da2661108 | http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849
af854a3a-2127-422b-91ae-364da2661108 | http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856
af854a3a-2127-422b-91ae-364da2661108 | http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896
af854a3a-2127-422b-91ae-364da2661108 | http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932
af854a3a-2127-422b-91ae-364da2661108 | http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958
af854a3a-2127-422b-91ae-364da2661108 | http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1281 | Vendor Advisory
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B97B59B4-4B4C-4506-8FDF-FA6ADCE0D128",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "03BC2181-EB91-4E3C-A8D1-EB10A8C931D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A01BDB4-3A20-4834-B9AA-712359938834",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F26DD9CB-1C3A-4C92-A012-86BBE1E02488",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A30618B0-5361-44E6-A92E-F37C2C597E2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1A83DF6-675C-4AFA-BABC-65C6E4C73215",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAA89367-3736-470C-9AB0-C2F3264837AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5116D8F-B46F-404A-804A-26EFD7FA1AFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB69EAEF-21A2-48D4-9A11-674A900E6B2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "111D0158-345D-45DD-81F5-51E4A95E61B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "65D44E2A-CAED-4B16-AAF3-A3460341D1ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0587636C-C1CC-4F28-AD99-5C5DD6899337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3DED8A3-F451-43EB-9FE1-F3AB5E935754",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "078F33DC-B71C-4777-A1D6-313A82780592",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple open redirect vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, util/buildscripts/jslib/buildUtil.js, and util/doh/runner.html."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de redirecci\u00f3n abierta en Dojo 1.0.x en versiones anteriores a la 1.0.3, 1.1.x en versiones anteriores a la 1.1.2, 1.2.x en versiones anteriores a la 1.2.4, 1.3.x en versiones anteriores a la 1.3.3 y 1.4.x en versiones anteriores a la 1.4.2 permiten a atacantes remotos redirigir usuarios a sitios web de su elecci\u00f3n y realizar ataques de phising mediante vectores desconocidos, posiblemente relacionados con dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, util/buildscripts/jslib/buildUtil.js y util/doh/runner.html."
    }
  ],
  "id": "CVE-2010-2274",
  "lastModified": "2024-11-21T01:16:17.767",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-06-15T14:30:01.467",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38964"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40007"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21431472"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1281"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38964"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40007"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21431472"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1281"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-06-15 14:30
Modified
2024-11-21 01:16
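Severity: HIGH (CVSS v2 base score 10.0, vector AV:N/AC:L/Au:N/C:C/I:C/A:C, from the NVD metrics in the record below; the description reports the impact as unknown and the weakness is NVD-CWE-noinfo)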
Summary
Unspecified vulnerability in iframe_history.html in Dojo 0.4.x before 0.4.4 has unknown impact and remote attack vectors.
Impacted products
Vendor Product Version
dojotoolkit dojo 0.4.0
dojotoolkit dojo 0.4.1
dojotoolkit dojo 0.4.2
dojotoolkit dojo 0.4.3



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1521836E-BCFD-4665-A461-F9CD0DA2195D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:0.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "528A98A5-751F-40F1-9AF7-0CB84D0E154A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:0.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA636E72-459D-44A8-8278-4E5091975D25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:0.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A419DC98-A35B-4DFD-994C-B7B31CBE14A0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in iframe_history.html in Dojo 0.4.x before 0.4.4 has unknown impact and remote attack vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en iframe_history.html en Dojo v0.4.x antes de v0.4.4 tiene un impacto desconocido y vectores de ataque remoto."
    }
  ],
  "id": "CVE-2010-2272",
  "lastModified": "2024-11-21T01:16:17.487",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-06-15T14:30:01.407",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38964"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38964"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-06-15 14:30
Modified
2024-11-21 01:16
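Severity: MEDIUM (CVSS v2 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N, from the NVD metrics in the record below, which mark user interaction as required)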
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, and util/buildscripts/jslib/buildUtil.js, as demonstrated by the (1) dojoUrl and (2) testUrl parameters to util/doh/runner.html.
References
cve@mitre.org | http://bugs.dojotoolkit.org/ticket/10773 | Exploit
cve@mitre.org | http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/ | Patch, Vendor Advisory
cve@mitre.org | http://secunia.com/advisories/38964 | Vendor Advisory
cve@mitre.org | http://secunia.com/advisories/40007 | Vendor Advisory
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21431472
cve@mitre.org | http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833
cve@mitre.org | http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849
cve@mitre.org | http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856
cve@mitre.org | http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896
cve@mitre.org | http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932
cve@mitre.org | http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958
cve@mitre.org | http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994
cve@mitre.org | http://www.gdssecurity.com/l/b/2010/03/12/multiple-dom-based-xss-in-dojo-toolkit-sdk/ | Exploit
cve@mitre.org | http://www.vupen.com/english/advisories/2010/1281 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://bugs.dojotoolkit.org/ticket/10773 | Exploit
af854a3a-2127-422b-91ae-364da2661108 | http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/ | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/38964 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/40007 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21431472
af854a3a-2127-422b-91ae-364da2661108 | http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833
af854a3a-2127-422b-91ae-364da2661108 | http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849
af854a3a-2127-422b-91ae-364da2661108 | http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856
af854a3a-2127-422b-91ae-364da2661108 | http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896
af854a3a-2127-422b-91ae-364da2661108 | http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932
af854a3a-2127-422b-91ae-364da2661108 | http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958
af854a3a-2127-422b-91ae-364da2661108 | http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994
af854a3a-2127-422b-91ae-364da2661108 | http://www.gdssecurity.com/l/b/2010/03/12/multiple-dom-based-xss-in-dojo-toolkit-sdk/ | Exploit
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1281 | Vendor Advisory
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B97B59B4-4B4C-4506-8FDF-FA6ADCE0D128",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "03BC2181-EB91-4E3C-A8D1-EB10A8C931D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A01BDB4-3A20-4834-B9AA-712359938834",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F26DD9CB-1C3A-4C92-A012-86BBE1E02488",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A30618B0-5361-44E6-A92E-F37C2C597E2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1A83DF6-675C-4AFA-BABC-65C6E4C73215",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAA89367-3736-470C-9AB0-C2F3264837AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5116D8F-B46F-404A-804A-26EFD7FA1AFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB69EAEF-21A2-48D4-9A11-674A900E6B2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "111D0158-345D-45DD-81F5-51E4A95E61B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "65D44E2A-CAED-4B16-AAF3-A3460341D1ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0587636C-C1CC-4F28-AD99-5C5DD6899337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3DED8A3-F451-43EB-9FE1-F3AB5E935754",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "078F33DC-B71C-4777-A1D6-313A82780592",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, and util/buildscripts/jslib/buildUtil.js, as demonstrated by the (1) dojoUrl and (2) testUrl parameters to util/doh/runner.html."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Dojo v1.0.x anterior a v1.0.3, v1.1.x anterior a v1.1.2, v1.2.x anterior a v1.2.4, v1.3.x anterior a v1.3.3, y v1.4.x anterior a 1.4.2 permite a atacantes remotos inyectar c\u00f3digo web o HTML a trav\u00e9s de vectores sin especificar, posiblemente relacionados con dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, y util/buildscripts/jslib/buildUtil.js, como se demostr\u00f3 con parametros (1) dojoUrl y (2) testUrl de util/doh/runner.html."
    }
  ],
  "id": "CVE-2010-2273",
  "lastModified": "2024-11-21T01:16:17.620",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-06-15T14:30:01.420",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://bugs.dojotoolkit.org/ticket/10773"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38964"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40007"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21431472"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.gdssecurity.com/l/b/2010/03/12/multiple-dom-based-xss-in-dojo-toolkit-sdk/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1281"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://bugs.dojotoolkit.org/ticket/10773"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38964"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40007"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21431472"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.gdssecurity.com/l/b/2010/03/12/multiple-dom-based-xss-in-dojo-toolkit-sdk/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1281"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-06-15 14:30
Modified
2024-11-21 01:16
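Severity: HIGH (CVSS v2 base score 10.0, vector AV:N/AC:L/Au:N/C:C/I:C/A:C, from the NVD metrics in the record below; that record sets acInsufInfo to true and the summary leaves the impact unspecified)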
Summary
The default configuration of the build process in Dojo 0.4.x before 0.4.4, 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 has the copyTests=true and mini=false options, which makes it easier for remote attackers to have an unspecified impact via a request to a (1) test or (2) demo component.
References
cve@mitre.org | http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/ | Patch, Vendor Advisory
cve@mitre.org | http://secunia.com/advisories/38964 | Vendor Advisory
cve@mitre.org | http://secunia.com/advisories/40007 | Vendor Advisory
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21431472
cve@mitre.org | http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833
cve@mitre.org | http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849
cve@mitre.org | http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856
cve@mitre.org | http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896
cve@mitre.org | http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932
cve@mitre.org | http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958
cve@mitre.org | http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994
cve@mitre.org | http://www.vupen.com/english/advisories/2010/1281 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/ | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/38964 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/40007 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21431472
af854a3a-2127-422b-91ae-364da2661108 | http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833
af854a3a-2127-422b-91ae-364da2661108 | http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849
af854a3a-2127-422b-91ae-364da2661108 | http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856
af854a3a-2127-422b-91ae-364da2661108 | http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896
af854a3a-2127-422b-91ae-364da2661108 | http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932
af854a3a-2127-422b-91ae-364da2661108 | http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958
af854a3a-2127-422b-91ae-364da2661108 | http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1281 | Vendor Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1521836E-BCFD-4665-A461-F9CD0DA2195D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:0.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "528A98A5-751F-40F1-9AF7-0CB84D0E154A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:0.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA636E72-459D-44A8-8278-4E5091975D25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:0.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A419DC98-A35B-4DFD-994C-B7B31CBE14A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B97B59B4-4B4C-4506-8FDF-FA6ADCE0D128",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "03BC2181-EB91-4E3C-A8D1-EB10A8C931D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A01BDB4-3A20-4834-B9AA-712359938834",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F26DD9CB-1C3A-4C92-A012-86BBE1E02488",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A30618B0-5361-44E6-A92E-F37C2C597E2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1A83DF6-675C-4AFA-BABC-65C6E4C73215",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAA89367-3736-470C-9AB0-C2F3264837AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5116D8F-B46F-404A-804A-26EFD7FA1AFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB69EAEF-21A2-48D4-9A11-674A900E6B2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "111D0158-345D-45DD-81F5-51E4A95E61B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "65D44E2A-CAED-4B16-AAF3-A3460341D1ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0587636C-C1CC-4F28-AD99-5C5DD6899337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3DED8A3-F451-43EB-9FE1-F3AB5E935754",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "078F33DC-B71C-4777-A1D6-313A82780592",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The default configuration of the build process in Dojo 0.4.x before 0.4.4, 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 has the copyTests=true and mini=false options, which makes it easier for remote attackers to have an unspecified impact via a request to a (1) test or (2) demo component."
    },
    {
      "lang": "es",
      "value": "La configuraci\u00f3n por defecto del proceso de generaci\u00f3n en Dojo v0.4.x antes de v0.4.4, v1.0.x antes de v1.0.3, v1.1.x antes de v1.1.2, v1.2.x antes de v1.2.4, v1.3.x antes de v1.3.3, y v1.4.x antes de v1.4.2 tiene las opciones copyTests = true y mini opciones = false, lo que facilita a los atacantes remotos tener un impacto no especificado a trav\u00e9s de una solicitud a (1) una prueba o (2) una demo."
    }
  ],
  "id": "CVE-2010-2276",
  "lastModified": "2024-11-21T01:16:18.070",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-06-15T14:30:01.563",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38964"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40007"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21431472"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1281"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38964"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40007"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21431472"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1281"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-16"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-02-02 15:29
Modified
2024-11-21 04:10
Summary
dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element.
Impacted products
Vendor Product Version
dojotoolkit dojo 1.13.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:1.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "68C50401-0F97-4921-A19D-E1CC1172CEA4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element."
    },
    {
      "lang": "es",
      "value": "dijit.Editor en Dojo Toolkit 1.13 permite Cross-Site Scripting (XSS) a trav\u00e9s del atributo onload de un elemento SVG."
    }
  ],
  "id": "CVE-2018-6561",
  "lastModified": "2024-11-21T04:10:54.670",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-02-02T15:29:00.410",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/imsebao/404team/blob/master/dijit_editor_xss.md"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/imsebao/404team/blob/master/dijit_editor_xss.md"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-04-09 15:08
Modified
2024-11-21 00:40
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
Impacted products
Vendor Product Version
apache struts 2.0.9
dojotoolkit dojo 0.4.1
dojotoolkit dojo 0.4.2



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E1BABB2-780E-47E0-87A9-A164906C8421",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:0.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "528A98A5-751F-40F1-9AF7-0CB84D0E154A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:0.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA636E72-459D-44A8-8278-4E5091975D25",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Dojo v0.4.1 y v0.4.2, como el utilizado en Apache Struts y otros productos, permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de vectores no especificados que implican a (1) xip_client.html y (2) xip_server.html en src/io/."
    }
  ],
  "id": "CVE-2007-6726",
  "lastModified": "2024-11-21T00:40:51.673",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-04-09T15:08:35.453",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.dojotoolkit.org/0-4-3-and-updated-0-4-1-0-4-2-builds"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.dojotoolkit.org/2007/05/26/0-4-3-released-0-4-2-and-0-4-1-users-should-upgrade-immediately"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.dojotoolkit.org/releaseNotes/0.4.3"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/34660"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49884"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://issues.apache.org/struts/browse/WW-2134"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.dojotoolkit.org/0-4-3-and-updated-0-4-1-0-4-2-builds"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.dojotoolkit.org/2007/05/26/0-4-3-released-0-4-2-and-0-4-1-users-should-upgrade-immediately"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.dojotoolkit.org/releaseNotes/0.4.3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/34660"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49884"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://issues.apache.org/struts/browse/WW-2134"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-04-09 15:08
Modified
2024-11-21 00:57
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in dijit.Editor in Dojo before 1.1 allows remote attackers to inject arbitrary web script or HTML via XML entities in a TEXTAREA element.
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "72B44884-7A73-4E52-BF22-751E824E1E5B",
              "versionEndIncluding": "1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "83852B57-3A53-4D77-A96F-981AAE36E420",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1B6EEA9-7DA2-4654-93AC-C689E305BB7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:0.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFD690AA-F874-45F0-BF71-D9E7CD27F7A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:0.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "76E3DF57-4959-4442-B480-2AC6602290D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "754DB42B-D1C6-4673-B795-9DBBFFC0B6CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:0.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A04248-DA1A-4D71-A7D2-49D908352D05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1521836E-BCFD-4665-A461-F9CD0DA2195D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:0.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "528A98A5-751F-40F1-9AF7-0CB84D0E154A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:0.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA636E72-459D-44A8-8278-4E5091975D25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:0.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A419DC98-A35B-4DFD-994C-B7B31CBE14A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:0.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "096A2AB6-5CED-47CC-81EC-6D4D4A890777",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in dijit.Editor in Dojo before 1.1 allows remote attackers to inject arbitrary web script or HTML via XML entities in a TEXTAREA element."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en dijit.Editor en Dojo en versiones anteriores a v1.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de entidades XML en un elemento TEXTAREA."
    }
  ],
  "id": "CVE-2008-6681",
  "lastModified": "2024-11-21T00:57:11.050",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-04-09T15:08:35.530",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://trac.dojotoolkit.org/ticket/2140"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.dojotoolkit.org/book/dojo-1-1-release-notes"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/34661"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49883"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://trac.dojotoolkit.org/ticket/2140"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.dojotoolkit.org/book/dojo-1-1-release-notes"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/34661"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49883"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-08-18 02:29
Modified
2024-11-21 03:50
Severity ?
Summary
In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid.
Impacted products
Vendor Product Version
dojotoolkit dojo *
debian debian_linux 8.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "369878CD-C195-4BA6-8F1A-D2BADF0F1D21",
              "versionEndExcluding": "1.14",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid."
    },
    {
      "lang": "es",
      "value": "En Dojo Toolkit en versiones anteriores a la 1.14, hay una inyecci\u00f3n de cadenas no escapadas en dojox/Grid/DataGrid."
    }
  ],
  "id": "CVE-2018-15494",
  "lastModified": "2024-11-21T03:50:56.060",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-08-18T02:29:01.340",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://dojotoolkit.org/blog/dojo-1-14-released"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/dojo/dojox/pull/283"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://dojotoolkit.org/blog/dojo-1-14-released"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/dojo/dojox/pull/283"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00002.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-116"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-06-15 14:30
Modified
2024-11-21 01:16
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in dijit/tests/_testCommon.js in Dojo Toolkit SDK before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the theme parameter, as demonstrated by an attack against dijit/tests/form/test_Button.html.
References
cve@mitre.org http://bugs.dojotoolkit.org/ticket/10773 (Exploit)
cve@mitre.org http://secunia.com/advisories/38964 (Vendor Advisory)
cve@mitre.org http://secunia.com/advisories/40007 (Vendor Advisory)
cve@mitre.org http://www-01.ibm.com/support/docview.wss?uid=swg21431472
cve@mitre.org http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833
cve@mitre.org http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849
cve@mitre.org http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856
cve@mitre.org http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896
cve@mitre.org http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932
cve@mitre.org http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958
cve@mitre.org http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994
cve@mitre.org http://www.gdssecurity.com/l/b/2010/03/12/multiple-dom-based-xss-in-dojo-toolkit-sdk/ (Exploit)
cve@mitre.org http://www.vupen.com/english/advisories/2010/1281 (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://bugs.dojotoolkit.org/ticket/10773 (Exploit)
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/38964 (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/40007 (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://www-01.ibm.com/support/docview.wss?uid=swg21431472
af854a3a-2127-422b-91ae-364da2661108 http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833
af854a3a-2127-422b-91ae-364da2661108 http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849
af854a3a-2127-422b-91ae-364da2661108 http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856
af854a3a-2127-422b-91ae-364da2661108 http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896
af854a3a-2127-422b-91ae-364da2661108 http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932
af854a3a-2127-422b-91ae-364da2661108 http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958
af854a3a-2127-422b-91ae-364da2661108 http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994
af854a3a-2127-422b-91ae-364da2661108 http://www.gdssecurity.com/l/b/2010/03/12/multiple-dom-based-xss-in-dojo-toolkit-sdk/ (Exploit)
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2010/1281 (Vendor Advisory)



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B30B4F51-AFF3-446E-9F67-1DC9297929FD",
              "versionEndIncluding": "1.4.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "83852B57-3A53-4D77-A96F-981AAE36E420",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1B6EEA9-7DA2-4654-93AC-C689E305BB7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:0.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFD690AA-F874-45F0-BF71-D9E7CD27F7A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:0.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "76E3DF57-4959-4442-B480-2AC6602290D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "754DB42B-D1C6-4673-B795-9DBBFFC0B6CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:0.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A04248-DA1A-4D71-A7D2-49D908352D05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1521836E-BCFD-4665-A461-F9CD0DA2195D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:0.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "528A98A5-751F-40F1-9AF7-0CB84D0E154A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:0.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA636E72-459D-44A8-8278-4E5091975D25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:0.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A419DC98-A35B-4DFD-994C-B7B31CBE14A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:0.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "096A2AB6-5CED-47CC-81EC-6D4D4A890777",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:0.9.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "1914405D-491F-4CDF-89D5-B8DD7FC63ED0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B97B59B4-4B4C-4506-8FDF-FA6ADCE0D128",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "03BC2181-EB91-4E3C-A8D1-EB10A8C931D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A01BDB4-3A20-4834-B9AA-712359938834",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F26DD9CB-1C3A-4C92-A012-86BBE1E02488",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A30618B0-5361-44E6-A92E-F37C2C597E2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1A83DF6-675C-4AFA-BABC-65C6E4C73215",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAA89367-3736-470C-9AB0-C2F3264837AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5116D8F-B46F-404A-804A-26EFD7FA1AFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB69EAEF-21A2-48D4-9A11-674A900E6B2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "111D0158-345D-45DD-81F5-51E4A95E61B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "65D44E2A-CAED-4B16-AAF3-A3460341D1ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0587636C-C1CC-4F28-AD99-5C5DD6899337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3DED8A3-F451-43EB-9FE1-F3AB5E935754",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in dijit/tests/_testCommon.js in Dojo Toolkit SDK before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the theme parameter, as demonstrated by an attack against dijit/tests/form/test_Button.html."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en dijit/tests/_testCommon.js en Dojo Toolkit SDK antes de v1.4.2 permite a atacantes remotos inyectar HTML o secuencias de comandos web a trav\u00e9s del par\u00e1metro \u0027theme\u0027, como lo demuestra un ataque contra dijit/tests/form/test_Button.html."
    }
  ],
  "id": "CVE-2010-2275",
  "lastModified": "2024-11-21T01:16:17.910",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-06-15T14:30:01.517",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://bugs.dojotoolkit.org/ticket/10773"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38964"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40007"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21431472"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.gdssecurity.com/l/b/2010/03/12/multiple-dom-based-xss-in-dojo-toolkit-sdk/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1281"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://bugs.dojotoolkit.org/ticket/10773"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38964"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40007"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21431472"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.gdssecurity.com/l/b/2010/03/12/multiple-dom-based-xss-in-dojo-toolkit-sdk/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1281"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-10-11 01:59
Modified
2024-11-21 02:33
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Dojo Toolkit before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Impacted products
Vendor Product Version
dojotoolkit dojo *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0890551C-2EF5-4205-BFB8-3EC8995D2D9F",
              "versionEndIncluding": "1.1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Dojo Toolkit before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en Dojo Toolkit en versiones anteriores a 1.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2015-5654",
  "lastModified": "2024-11-21T02:33:33.540",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-10-11T01:59:03.690",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://jvn.jp/en/jp/JVN13456571/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000153"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975256"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "url": "http://www.securityfocus.com/bid/77026"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "url": "http://www.securitytracker.com/id/1034848"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://jvn.jp/en/jp/JVN13456571/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000153"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975256"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/77026"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1034848"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-09-06 17:29
Modified
2024-11-21 03:40
Summary
Dojo's Dojo Objective Harness (DOH), in versions prior to 1.14, contains a cross-site scripting (XSS) vulnerability in unit.html, testsDOH/_base/loader/i18n-exhaustive/i18n-test/unit.html, and testsDOH/_base/i18nExhaustive.js that can result in a victim being attacked through their browser: malware delivery, theft of HTTP cookies, or bypass of CORS trust. The attack appears to be exploitable as follows: victims are typically lured to a web site under the attacker's control; the XSS vulnerability on the target domain is silently exploited without the victim's knowledge. This vulnerability appears to have been fixed in 1.14.
Impacted products
Vendor Product Version
dojotoolkit dojo *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dojotoolkit:dojo:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7A02560-6514-4D87-A6E3-AFA7C3E3F9A2",
              "versionEndIncluding": "1.13.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Dojo Dojo Objective Harness (DOH) version prior to version 1.14 contains a Cross Site Scripting (XSS) vulnerability in unit.html and testsDOH/_base/loader/i18n-exhaustive/i18n-test/unit.html and testsDOH/_base/i18nExhaustive.js in the DOH that can result in Victim attacked through their browser - deliver malware, steal HTTP cookies, bypass CORS trust. This attack appear to be exploitable via Victims are typically lured to a web site under the attacker\u0027s control; the XSS vulnerability on the target domain is silently exploited without the victim\u0027s knowledge. This vulnerability appears to have been fixed in 1.14."
    },
    {
      "lang": "es",
      "value": "Dojo Dojo Objective Harness (DOH) en versiones anteriores a la 1.14 contiene una vulnerabilidad de Cross-Site Scripting (XSS) en unit.html, testsDOH/_base/loader/i18n-exhaustive/i18n-test/unit.html y testsDOH/_base/i18nExhaustive.js en el DOH que puede resultar en que la v\u00edctima atacada a trav\u00e9s de su navegador extienda malware, robe cookies HTTP u omita la confianza de CORS. El ataque parece ser explotable de esta forma: las v\u00edctimas suelen ser atra\u00eddas a un sitio web bajo el control del atacante; la vulnerabilidad XSS en el dominio objetivo se explota sin que la v\u00edctima lo sepa. La vulnerabilidad parece haber sido solucionada en la versi\u00f3n 1.14."
    }
  ],
  "id": "CVE-2018-1000665",
  "lastModified": "2024-11-21T03:40:21.623",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-09-06T17:29:01.597",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://dojotoolkit.org/blog/dojo-1-14-released"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/dojo/dojo/pull/307"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://dojotoolkit.org/blog/dojo-1-14-released"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/dojo/dojo/pull/307"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}