Vulnerability-Lookup - Search a vulnerability

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

CVE-2018-1000665 (GCVE-0-2018-1000665)

Vulnerability from cvelistv5 – Published: 2018-09-06 17:00 – Updated: 2024-09-17 01:00

Summary

Dojo Dojo Objective Harness (DOH) version prior to version 1.14 contains a Cross Site Scripting (XSS) vulnerability in unit.html and testsDOH/_base/loader/i18n-exhaustive/i18n-test/unit.html and testsDOH/_base/i18nExhaustive.js in the DOH that can result in Victim attacked through their browser - deliver malware, steal HTTP cookies, bypass CORS trust. This attack appear to be exploitable via Victims are typically lured to a web site under the attacker's control; the XSS vulnerability on the target domain is silently exploited without the victim's knowledge. This vulnerability appears to have been fixed in 1.14.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://dojotoolkit.org/blog/dojo-1-14-released	x_refsource_CONFIRM
	https://github.com/dojo/dojo/pull/307	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T12:40:47.933Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://dojotoolkit.org/blog/dojo-1-14-released"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/dojo/dojo/pull/307"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2018-09-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Dojo Dojo Objective Harness (DOH) version prior to version 1.14 contains a Cross Site Scripting (XSS) vulnerability in unit.html and testsDOH/_base/loader/i18n-exhaustive/i18n-test/unit.html and testsDOH/_base/i18nExhaustive.js in the DOH that can result in Victim attacked through their browser - deliver malware, steal HTTP cookies, bypass CORS trust. This attack appear to be exploitable via Victims are typically lured to a web site under the attacker\u0027s control; the XSS vulnerability on the target domain is silently exploited without the victim\u0027s knowledge. This vulnerability appears to have been fixed in 1.14."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-09-06T17:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://dojotoolkit.org/blog/dojo-1-14-released"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/dojo/dojo/pull/307"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2018-09-03T16:07:16.974886",
          "DATE_REQUESTED": "2018-08-22T22:28:15",
          "ID": "CVE-2018-1000665",
          "REQUESTER": "setenforce1@gmail.com",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Dojo Dojo Objective Harness (DOH) version prior to version 1.14 contains a Cross Site Scripting (XSS) vulnerability in unit.html and testsDOH/_base/loader/i18n-exhaustive/i18n-test/unit.html and testsDOH/_base/i18nExhaustive.js in the DOH that can result in Victim attacked through their browser - deliver malware, steal HTTP cookies, bypass CORS trust. This attack appear to be exploitable via Victims are typically lured to a web site under the attacker\u0027s control; the XSS vulnerability on the target domain is silently exploited without the victim\u0027s knowledge. This vulnerability appears to have been fixed in 1.14."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://dojotoolkit.org/blog/dojo-1-14-released",
              "refsource": "CONFIRM",
              "url": "https://dojotoolkit.org/blog/dojo-1-14-released"
            },
            {
              "name": "https://github.com/dojo/dojo/pull/307",
              "refsource": "CONFIRM",
              "url": "https://github.com/dojo/dojo/pull/307"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-1000665",
    "datePublished": "2018-09-06T17:00:00Z",
    "dateReserved": "2018-09-06T00:00:00Z",
    "dateUpdated": "2024-09-17T01:00:37.528Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-15494 (GCVE-0-2018-15494)

Vulnerability from cvelistv5 – Published: 2018-08-18 02:00 – Updated: 2024-08-05 09:54

Summary

In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://dojotoolkit.org/blog/dojo-1-14-released	x_refsource_MISC
	https://lists.debian.org/debian-lts-announce/2018…	mailing-listx_refsource_MLIST
	https://github.com/dojo/dojox/pull/283	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T09:54:03.539Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://dojotoolkit.org/blog/dojo-1-14-released"
          },
          {
            "name": "[debian-lts-announce] 20180903 [SECURITY] [DLA 1492-1] dojo security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00002.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/dojo/dojox/pull/283"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-08-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-09-03T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://dojotoolkit.org/blog/dojo-1-14-released"
        },
        {
          "name": "[debian-lts-announce] 20180903 [SECURITY] [DLA 1492-1] dojo security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00002.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/dojo/dojox/pull/283"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-15494",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://dojotoolkit.org/blog/dojo-1-14-released",
              "refsource": "MISC",
              "url": "https://dojotoolkit.org/blog/dojo-1-14-released"
            },
            {
              "name": "[debian-lts-announce] 20180903 [SECURITY] [DLA 1492-1] dojo security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00002.html"
            },
            {
              "name": "https://github.com/dojo/dojox/pull/283",
              "refsource": "MISC",
              "url": "https://github.com/dojo/dojox/pull/283"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-15494",
    "datePublished": "2018-08-18T02:00:00",
    "dateReserved": "2018-08-17T00:00:00",
    "dateUpdated": "2024-08-05T09:54:03.539Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-6561 (GCVE-0-2018-6561)

Vulnerability from cvelistv5 – Published: 2018-02-02 15:00 – Updated: 2024-09-16 23:41

Summary

dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

https://github.com/imsebao/404team/blob/master/di…

x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:10:10.199Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/imsebao/404team/blob/master/dijit_editor_xss.md"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-02T15:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/imsebao/404team/blob/master/dijit_editor_xss.md"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-6561",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/imsebao/404team/blob/master/dijit_editor_xss.md",
              "refsource": "MISC",
              "url": "https://github.com/imsebao/404team/blob/master/dijit_editor_xss.md"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-6561",
    "datePublished": "2018-02-02T15:00:00Z",
    "dateReserved": "2018-02-02T00:00:00Z",
    "dateUpdated": "2024-09-16T23:41:05.323Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-5654 (GCVE-0-2015-5654)

Vulnerability from cvelistv5 – Published: 2015-10-11 01:00 – Updated: 2024-08-06 06:59

Summary

Cross-site scripting (XSS) vulnerability in Dojo Toolkit before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

jpcert

References

URL

Tags

	http://www.securityfocus.com/bid/77026	vdb-entryx_refsource_BID
	http://jvndb.jvn.jp/jvndb/JVNDB-2015-000153	third-party-advisoryx_refsource_JVNDB
	http://jvn.jp/en/jp/JVN13456571/index.html	third-party-advisoryx_refsource_JVN
	http://www-01.ibm.com/support/docview.wss?uid=swg…	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1034848	vdb-entryx_refsource_SECTRACK

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:59:03.704Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "77026",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/77026"
          },
          {
            "name": "JVNDB-2015-000153",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVNDB",
              "x_transferred"
            ],
            "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000153"
          },
          {
            "name": "JVN#13456571",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN13456571/index.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975256"
          },
          {
            "name": "1034848",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034848"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-10-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Dojo Toolkit before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-02T20:57:01",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "name": "77026",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/77026"
        },
        {
          "name": "JVNDB-2015-000153",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVNDB"
          ],
          "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000153"
        },
        {
          "name": "JVN#13456571",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN13456571/index.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975256"
        },
        {
          "name": "1034848",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034848"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2015-5654",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Dojo Toolkit before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "77026",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/77026"
            },
            {
              "name": "JVNDB-2015-000153",
              "refsource": "JVNDB",
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000153"
            },
            {
              "name": "JVN#13456571",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN13456571/index.html"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21975256",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975256"
            },
            {
              "name": "1034848",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034848"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2015-5654",
    "datePublished": "2015-10-11T01:00:00",
    "dateReserved": "2015-07-24T00:00:00",
    "dateUpdated": "2024-08-06T06:59:03.704Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-2273 (GCVE-0-2010-2273)

Vulnerability from cvelistv5 – Published: 2010-06-14 19:00 – Updated: 2024-09-16 16:28

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, and util/buildscripts/jslib/buildUtil.js, as demonstrated by the (1) dojoUrl and (2) testUrl parameters to util/doh/runner.html.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://www.vupen.com/english/advisories/2010/1281	vdb-entryx_refsource_VUPEN
	http://www-1.ibm.com/support/docview.wss?uid=swg1…	vendor-advisoryx_refsource_AIXAPAR
	http://www-1.ibm.com/support/docview.wss?uid=swg1…	vendor-advisoryx_refsource_AIXAPAR
	http://bugs.dojotoolkit.org/ticket/10773	x_refsource_CONFIRM
	http://www-1.ibm.com/support/docview.wss?uid=swg1…	vendor-advisoryx_refsource_AIXAPAR
	http://www-1.ibm.com/support/docview.wss?uid=swg1…	vendor-advisoryx_refsource_AIXAPAR
	http://secunia.com/advisories/38964	third-party-advisoryx_refsource_SECUNIA
	http://www-1.ibm.com/support/docview.wss?uid=swg1…	vendor-advisoryx_refsource_AIXAPAR
	http://www-1.ibm.com/support/docview.wss?uid=swg1…	vendor-advisoryx_refsource_AIXAPAR
	http://dojotoolkit.org/blog/post/dylan/2010/03/do…	x_refsource_CONFIRM
	http://www-1.ibm.com/support/docview.wss?uid=swg1…	vendor-advisoryx_refsource_AIXAPAR
	http://secunia.com/advisories/40007	third-party-advisoryx_refsource_SECUNIA
	http://www.gdssecurity.com/l/b/2010/03/12/multipl…	x_refsource_MISC
	http://www-01.ibm.com/support/docview.wss?uid=swg…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:25:07.646Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2010-1281",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1281"
          },
          {
            "name": "LO50849",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849"
          },
          {
            "name": "LO50932",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.dojotoolkit.org/ticket/10773"
          },
          {
            "name": "LO50994",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994"
          },
          {
            "name": "LO50833",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833"
          },
          {
            "name": "38964",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38964"
          },
          {
            "name": "LO50958",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958"
          },
          {
            "name": "LO50856",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/"
          },
          {
            "name": "LO50896",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896"
          },
          {
            "name": "40007",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40007"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.gdssecurity.com/l/b/2010/03/12/multiple-dom-based-xss-in-dojo-toolkit-sdk/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21431472"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, and util/buildscripts/jslib/buildUtil.js, as demonstrated by the (1) dojoUrl and (2) testUrl parameters to util/doh/runner.html."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-06-14T19:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2010-1281",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1281"
        },
        {
          "name": "LO50849",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849"
        },
        {
          "name": "LO50932",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.dojotoolkit.org/ticket/10773"
        },
        {
          "name": "LO50994",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994"
        },
        {
          "name": "LO50833",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833"
        },
        {
          "name": "38964",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38964"
        },
        {
          "name": "LO50958",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958"
        },
        {
          "name": "LO50856",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/"
        },
        {
          "name": "LO50896",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896"
        },
        {
          "name": "40007",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40007"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.gdssecurity.com/l/b/2010/03/12/multiple-dom-based-xss-in-dojo-toolkit-sdk/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21431472"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-2273",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, and util/buildscripts/jslib/buildUtil.js, as demonstrated by the (1) dojoUrl and (2) testUrl parameters to util/doh/runner.html."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2010-1281",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/1281"
            },
            {
              "name": "LO50849",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849"
            },
            {
              "name": "LO50932",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932"
            },
            {
              "name": "http://bugs.dojotoolkit.org/ticket/10773",
              "refsource": "CONFIRM",
              "url": "http://bugs.dojotoolkit.org/ticket/10773"
            },
            {
              "name": "LO50994",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994"
            },
            {
              "name": "LO50833",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833"
            },
            {
              "name": "38964",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38964"
            },
            {
              "name": "LO50958",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958"
            },
            {
              "name": "LO50856",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856"
            },
            {
              "name": "http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/",
              "refsource": "CONFIRM",
              "url": "http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/"
            },
            {
              "name": "LO50896",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896"
            },
            {
              "name": "40007",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/40007"
            },
            {
              "name": "http://www.gdssecurity.com/l/b/2010/03/12/multiple-dom-based-xss-in-dojo-toolkit-sdk/",
              "refsource": "MISC",
              "url": "http://www.gdssecurity.com/l/b/2010/03/12/multiple-dom-based-xss-in-dojo-toolkit-sdk/"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21431472",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21431472"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-2273",
    "datePublished": "2010-06-14T19:00:00Z",
    "dateReserved": "2010-06-14T00:00:00Z",
    "dateUpdated": "2024-09-16T16:28:07.132Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-2275 (GCVE-0-2010-2275)

Vulnerability from cvelistv5 – Published: 2010-06-14 19:00 – Updated: 2024-09-16 17:03

Summary

Cross-site scripting (XSS) vulnerability in dijit/tests/_testCommon.js in Dojo Toolkit SDK before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the theme parameter, as demonstrated by an attack against dijit/tests/form/test_Button.html.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://www.vupen.com/english/advisories/2010/1281	vdb-entryx_refsource_VUPEN
	http://www-1.ibm.com/support/docview.wss?uid=swg1…	vendor-advisoryx_refsource_AIXAPAR
	http://www-1.ibm.com/support/docview.wss?uid=swg1…	vendor-advisoryx_refsource_AIXAPAR
	http://bugs.dojotoolkit.org/ticket/10773	x_refsource_CONFIRM
	http://www-1.ibm.com/support/docview.wss?uid=swg1…	vendor-advisoryx_refsource_AIXAPAR
	http://www-1.ibm.com/support/docview.wss?uid=swg1…	vendor-advisoryx_refsource_AIXAPAR
	http://secunia.com/advisories/38964	third-party-advisoryx_refsource_SECUNIA
	http://www-1.ibm.com/support/docview.wss?uid=swg1…	vendor-advisoryx_refsource_AIXAPAR
	http://www-1.ibm.com/support/docview.wss?uid=swg1…	vendor-advisoryx_refsource_AIXAPAR
	http://www-1.ibm.com/support/docview.wss?uid=swg1…	vendor-advisoryx_refsource_AIXAPAR
	http://secunia.com/advisories/40007	third-party-advisoryx_refsource_SECUNIA
	http://www.gdssecurity.com/l/b/2010/03/12/multipl…	x_refsource_MISC
	http://www-01.ibm.com/support/docview.wss?uid=swg…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:25:07.773Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2010-1281",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1281"
          },
          {
            "name": "LO50849",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849"
          },
          {
            "name": "LO50932",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.dojotoolkit.org/ticket/10773"
          },
          {
            "name": "LO50994",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994"
          },
          {
            "name": "LO50833",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833"
          },
          {
            "name": "38964",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38964"
          },
          {
            "name": "LO50958",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958"
          },
          {
            "name": "LO50856",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856"
          },
          {
            "name": "LO50896",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896"
          },
          {
            "name": "40007",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40007"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.gdssecurity.com/l/b/2010/03/12/multiple-dom-based-xss-in-dojo-toolkit-sdk/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21431472"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in dijit/tests/_testCommon.js in Dojo Toolkit SDK before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the theme parameter, as demonstrated by an attack against dijit/tests/form/test_Button.html."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-06-14T19:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2010-1281",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1281"
        },
        {
          "name": "LO50849",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849"
        },
        {
          "name": "LO50932",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.dojotoolkit.org/ticket/10773"
        },
        {
          "name": "LO50994",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994"
        },
        {
          "name": "LO50833",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833"
        },
        {
          "name": "38964",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38964"
        },
        {
          "name": "LO50958",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958"
        },
        {
          "name": "LO50856",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856"
        },
        {
          "name": "LO50896",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896"
        },
        {
          "name": "40007",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40007"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.gdssecurity.com/l/b/2010/03/12/multiple-dom-based-xss-in-dojo-toolkit-sdk/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21431472"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-2275",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in dijit/tests/_testCommon.js in Dojo Toolkit SDK before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the theme parameter, as demonstrated by an attack against dijit/tests/form/test_Button.html."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2010-1281",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/1281"
            },
            {
              "name": "LO50849",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849"
            },
            {
              "name": "LO50932",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932"
            },
            {
              "name": "http://bugs.dojotoolkit.org/ticket/10773",
              "refsource": "CONFIRM",
              "url": "http://bugs.dojotoolkit.org/ticket/10773"
            },
            {
              "name": "LO50994",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994"
            },
            {
              "name": "LO50833",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833"
            },
            {
              "name": "38964",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38964"
            },
            {
              "name": "LO50958",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958"
            },
            {
              "name": "LO50856",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856"
            },
            {
              "name": "LO50896",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896"
            },
            {
              "name": "40007",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/40007"
            },
            {
              "name": "http://www.gdssecurity.com/l/b/2010/03/12/multiple-dom-based-xss-in-dojo-toolkit-sdk/",
              "refsource": "MISC",
              "url": "http://www.gdssecurity.com/l/b/2010/03/12/multiple-dom-based-xss-in-dojo-toolkit-sdk/"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21431472",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21431472"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-2275",
    "datePublished": "2010-06-14T19:00:00Z",
    "dateReserved": "2010-06-14T00:00:00Z",
    "dateUpdated": "2024-09-16T17:03:04.635Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-2272 (GCVE-0-2010-2272)

Vulnerability from cvelistv5 – Published: 2010-06-14 19:00 – Updated: 2024-09-17 01:16

Summary

Unspecified vulnerability in iframe_history.html in Dojo 0.4.x before 0.4.4 has unknown impact and remote attack vectors.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://secunia.com/advisories/38964	third-party-advisoryx_refsource_SECUNIA
	http://dojotoolkit.org/blog/post/dylan/2010/03/do…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:25:07.671Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "38964",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38964"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in iframe_history.html in Dojo 0.4.x before 0.4.4 has unknown impact and remote attack vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-06-14T19:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "38964",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38964"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-2272",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in iframe_history.html in Dojo 0.4.x before 0.4.4 has unknown impact and remote attack vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "38964",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38964"
            },
            {
              "name": "http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/",
              "refsource": "CONFIRM",
              "url": "http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-2272",
    "datePublished": "2010-06-14T19:00:00Z",
    "dateReserved": "2010-06-14T00:00:00Z",
    "dateUpdated": "2024-09-17T01:16:18.247Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-2276 (GCVE-0-2010-2276)

Vulnerability from cvelistv5 – Published: 2010-06-14 19:00 – Updated: 2024-09-17 00:16

Summary

The default configuration of the build process in Dojo 0.4.x before 0.4.4, 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 has the copyTests=true and mini=false options, which makes it easier for remote attackers to have an unspecified impact via a request to a (1) test or (2) demo component.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://www.vupen.com/english/advisories/2010/1281	vdb-entryx_refsource_VUPEN
	http://www-1.ibm.com/support/docview.wss?uid=swg1…	vendor-advisoryx_refsource_AIXAPAR
	http://www-1.ibm.com/support/docview.wss?uid=swg1…	vendor-advisoryx_refsource_AIXAPAR
	http://www-1.ibm.com/support/docview.wss?uid=swg1…	vendor-advisoryx_refsource_AIXAPAR
	http://www-1.ibm.com/support/docview.wss?uid=swg1…	vendor-advisoryx_refsource_AIXAPAR
	http://secunia.com/advisories/38964	third-party-advisoryx_refsource_SECUNIA
	http://www-1.ibm.com/support/docview.wss?uid=swg1…	vendor-advisoryx_refsource_AIXAPAR
	http://www-1.ibm.com/support/docview.wss?uid=swg1…	vendor-advisoryx_refsource_AIXAPAR
	http://dojotoolkit.org/blog/post/dylan/2010/03/do…	x_refsource_CONFIRM
	http://www-1.ibm.com/support/docview.wss?uid=swg1…	vendor-advisoryx_refsource_AIXAPAR
	http://secunia.com/advisories/40007	third-party-advisoryx_refsource_SECUNIA
	http://www-01.ibm.com/support/docview.wss?uid=swg…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:25:07.674Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2010-1281",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1281"
          },
          {
            "name": "LO50849",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849"
          },
          {
            "name": "LO50932",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932"
          },
          {
            "name": "LO50994",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994"
          },
          {
            "name": "LO50833",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833"
          },
          {
            "name": "38964",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38964"
          },
          {
            "name": "LO50958",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958"
          },
          {
            "name": "LO50856",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/"
          },
          {
            "name": "LO50896",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896"
          },
          {
            "name": "40007",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40007"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21431472"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The default configuration of the build process in Dojo 0.4.x before 0.4.4, 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 has the copyTests=true and mini=false options, which makes it easier for remote attackers to have an unspecified impact via a request to a (1) test or (2) demo component."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-06-14T19:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2010-1281",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1281"
        },
        {
          "name": "LO50849",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849"
        },
        {
          "name": "LO50932",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932"
        },
        {
          "name": "LO50994",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994"
        },
        {
          "name": "LO50833",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833"
        },
        {
          "name": "38964",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38964"
        },
        {
          "name": "LO50958",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958"
        },
        {
          "name": "LO50856",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/"
        },
        {
          "name": "LO50896",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896"
        },
        {
          "name": "40007",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40007"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21431472"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-2276",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The default configuration of the build process in Dojo 0.4.x before 0.4.4, 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 has the copyTests=true and mini=false options, which makes it easier for remote attackers to have an unspecified impact via a request to a (1) test or (2) demo component."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2010-1281",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/1281"
            },
            {
              "name": "LO50849",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849"
            },
            {
              "name": "LO50932",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932"
            },
            {
              "name": "LO50994",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994"
            },
            {
              "name": "LO50833",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833"
            },
            {
              "name": "38964",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38964"
            },
            {
              "name": "LO50958",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958"
            },
            {
              "name": "LO50856",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856"
            },
            {
              "name": "http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/",
              "refsource": "CONFIRM",
              "url": "http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/"
            },
            {
              "name": "LO50896",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896"
            },
            {
              "name": "40007",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/40007"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21431472",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21431472"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-2276",
    "datePublished": "2010-06-14T19:00:00Z",
    "dateReserved": "2010-06-14T00:00:00Z",
    "dateUpdated": "2024-09-17T00:16:42.080Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-2274 (GCVE-0-2010-2274)

Vulnerability from cvelistv5 – Published: 2010-06-14 19:00 – Updated: 2024-09-17 00:51

Summary

Multiple open redirect vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, util/buildscripts/jslib/buildUtil.js, and util/doh/runner.html.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://www.vupen.com/english/advisories/2010/1281	vdb-entryx_refsource_VUPEN
	http://www-1.ibm.com/support/docview.wss?uid=swg1…	vendor-advisoryx_refsource_AIXAPAR
	http://www-1.ibm.com/support/docview.wss?uid=swg1…	vendor-advisoryx_refsource_AIXAPAR
	http://www-1.ibm.com/support/docview.wss?uid=swg1…	vendor-advisoryx_refsource_AIXAPAR
	http://www-1.ibm.com/support/docview.wss?uid=swg1…	vendor-advisoryx_refsource_AIXAPAR
	http://secunia.com/advisories/38964	third-party-advisoryx_refsource_SECUNIA
	http://www-1.ibm.com/support/docview.wss?uid=swg1…	vendor-advisoryx_refsource_AIXAPAR
	http://www-1.ibm.com/support/docview.wss?uid=swg1…	vendor-advisoryx_refsource_AIXAPAR
	http://dojotoolkit.org/blog/post/dylan/2010/03/do…	x_refsource_CONFIRM
	http://www-1.ibm.com/support/docview.wss?uid=swg1…	vendor-advisoryx_refsource_AIXAPAR
	http://secunia.com/advisories/40007	third-party-advisoryx_refsource_SECUNIA
	http://www-01.ibm.com/support/docview.wss?uid=swg…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:25:07.653Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2010-1281",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1281"
          },
          {
            "name": "LO50849",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849"
          },
          {
            "name": "LO50932",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932"
          },
          {
            "name": "LO50994",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994"
          },
          {
            "name": "LO50833",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833"
          },
          {
            "name": "38964",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38964"
          },
          {
            "name": "LO50958",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958"
          },
          {
            "name": "LO50856",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/"
          },
          {
            "name": "LO50896",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896"
          },
          {
            "name": "40007",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40007"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21431472"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple open redirect vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, util/buildscripts/jslib/buildUtil.js, and util/doh/runner.html."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-06-14T19:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2010-1281",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1281"
        },
        {
          "name": "LO50849",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849"
        },
        {
          "name": "LO50932",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932"
        },
        {
          "name": "LO50994",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994"
        },
        {
          "name": "LO50833",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833"
        },
        {
          "name": "38964",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38964"
        },
        {
          "name": "LO50958",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958"
        },
        {
          "name": "LO50856",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/"
        },
        {
          "name": "LO50896",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896"
        },
        {
          "name": "40007",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40007"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21431472"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-2274",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple open redirect vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, util/buildscripts/jslib/buildUtil.js, and util/doh/runner.html."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2010-1281",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/1281"
            },
            {
              "name": "LO50849",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849"
            },
            {
              "name": "LO50932",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932"
            },
            {
              "name": "LO50994",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994"
            },
            {
              "name": "LO50833",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833"
            },
            {
              "name": "38964",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38964"
            },
            {
              "name": "LO50958",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958"
            },
            {
              "name": "LO50856",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856"
            },
            {
              "name": "http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/",
              "refsource": "CONFIRM",
              "url": "http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/"
            },
            {
              "name": "LO50896",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896"
            },
            {
              "name": "40007",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/40007"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21431472",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21431472"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-2274",
    "datePublished": "2010-06-14T19:00:00Z",
    "dateReserved": "2010-06-14T00:00:00Z",
    "dateUpdated": "2024-09-17T00:51:43.125Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-6681 (GCVE-0-2008-6681)

Vulnerability from cvelistv5 – Published: 2009-04-09 15:00 – Updated: 2024-08-07 11:42

Summary

Cross-site scripting (XSS) vulnerability in dijit.Editor in Dojo before 1.1 allows remote attackers to inject arbitrary web script or HTML via XML entities in a TEXTAREA element.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.securityfocus.com/bid/34661	vdb-entryx_refsource_BID
	http://www.dojotoolkit.org/book/dojo-1-1-release-notes	x_refsource_CONFIRM
	http://trac.dojotoolkit.org/ticket/2140	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T11:42:00.160Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "dojo-dijiteditor-xss(49883)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49883"
          },
          {
            "name": "34661",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34661"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.dojotoolkit.org/book/dojo-1-1-release-notes"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://trac.dojotoolkit.org/ticket/2140"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-02-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in dijit.Editor in Dojo before 1.1 allows remote attackers to inject arbitrary web script or HTML via XML entities in a TEXTAREA element."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "dojo-dijiteditor-xss(49883)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49883"
        },
        {
          "name": "34661",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34661"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.dojotoolkit.org/book/dojo-1-1-release-notes"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://trac.dojotoolkit.org/ticket/2140"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-6681",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in dijit.Editor in Dojo before 1.1 allows remote attackers to inject arbitrary web script or HTML via XML entities in a TEXTAREA element."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "dojo-dijiteditor-xss(49883)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49883"
            },
            {
              "name": "34661",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/34661"
            },
            {
              "name": "http://www.dojotoolkit.org/book/dojo-1-1-release-notes",
              "refsource": "CONFIRM",
              "url": "http://www.dojotoolkit.org/book/dojo-1-1-release-notes"
            },
            {
              "name": "http://trac.dojotoolkit.org/ticket/2140",
              "refsource": "MISC",
              "url": "http://trac.dojotoolkit.org/ticket/2140"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-6681",
    "datePublished": "2009-04-09T15:00:00",
    "dateReserved": "2009-04-09T00:00:00",
    "dateUpdated": "2024-08-07T11:42:00.160Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-6726 (GCVE-0-2007-6726)

Vulnerability from cvelistv5 – Published: 2009-04-09 15:00 – Updated: 2024-08-07 16:18

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://www.dojotoolkit.org/releaseNotes/0.4.3	x_refsource_CONFIRM
	http://www.dojotoolkit.org/2007/05/26/0-4-3-relea…	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	https://issues.apache.org/struts/browse/WW-2134	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/34660	vdb-entryx_refsource_BID
	http://www.dojotoolkit.org/0-4-3-and-updated-0-4-…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:18:20.528Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.dojotoolkit.org/releaseNotes/0.4.3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.dojotoolkit.org/2007/05/26/0-4-3-released-0-4-2-and-0-4-1-users-should-upgrade-immediately"
          },
          {
            "name": "dojo-xipclient-xipserver-xss(49884)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49884"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.apache.org/struts/browse/WW-2134"
          },
          {
            "name": "34660",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34660"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.dojotoolkit.org/0-4-3-and-updated-0-4-1-0-4-2-builds"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-05-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.dojotoolkit.org/releaseNotes/0.4.3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.dojotoolkit.org/2007/05/26/0-4-3-released-0-4-2-and-0-4-1-users-should-upgrade-immediately"
        },
        {
          "name": "dojo-xipclient-xipserver-xss(49884)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49884"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.apache.org/struts/browse/WW-2134"
        },
        {
          "name": "34660",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34660"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.dojotoolkit.org/0-4-3-and-updated-0-4-1-0-4-2-builds"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-6726",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.dojotoolkit.org/releaseNotes/0.4.3",
              "refsource": "CONFIRM",
              "url": "http://www.dojotoolkit.org/releaseNotes/0.4.3"
            },
            {
              "name": "http://www.dojotoolkit.org/2007/05/26/0-4-3-released-0-4-2-and-0-4-1-users-should-upgrade-immediately",
              "refsource": "CONFIRM",
              "url": "http://www.dojotoolkit.org/2007/05/26/0-4-3-released-0-4-2-and-0-4-1-users-should-upgrade-immediately"
            },
            {
              "name": "dojo-xipclient-xipserver-xss(49884)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49884"
            },
            {
              "name": "https://issues.apache.org/struts/browse/WW-2134",
              "refsource": "CONFIRM",
              "url": "https://issues.apache.org/struts/browse/WW-2134"
            },
            {
              "name": "34660",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/34660"
            },
            {
              "name": "http://www.dojotoolkit.org/0-4-3-and-updated-0-4-1-0-4-2-builds",
              "refsource": "CONFIRM",
              "url": "http://www.dojotoolkit.org/0-4-3-and-updated-0-4-1-0-4-2-builds"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-6726",
    "datePublished": "2009-04-09T15:00:00",
    "dateReserved": "2009-04-09T00:00:00",
    "dateUpdated": "2024-08-07T16:18:20.528Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Search criteria

11 vulnerabilities by dojotoolkit

CVE-2018-1000665 (GCVE-0-2018-1000665)

CVE-2018-15494 (GCVE-0-2018-15494)

CVE-2018-6561 (GCVE-0-2018-6561)

CVE-2015-5654 (GCVE-0-2015-5654)

CVE-2010-2273 (GCVE-0-2010-2273)

CVE-2010-2275 (GCVE-0-2010-2275)

CVE-2010-2272 (GCVE-0-2010-2272)

CVE-2010-2276 (GCVE-0-2010-2276)

CVE-2010-2274 (GCVE-0-2010-2274)

CVE-2008-6681 (GCVE-0-2008-6681)

CVE-2007-6726 (GCVE-0-2007-6726)