cve-2010-2275
Vulnerability from cvelistv5
Published
2010-06-14 19:00
Modified
2024-09-16 17:03
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in dijit/tests/_testCommon.js in Dojo Toolkit SDK before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the theme parameter, as demonstrated by an attack against dijit/tests/form/test_Button.html.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:25:07.773Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2010-1281",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1281"
},
{
"name": "LO50849",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849"
},
{
"name": "LO50932",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.dojotoolkit.org/ticket/10773"
},
{
"name": "LO50994",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994"
},
{
"name": "LO50833",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833"
},
{
"name": "38964",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38964"
},
{
"name": "LO50958",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958"
},
{
"name": "LO50856",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856"
},
{
"name": "LO50896",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896"
},
{
"name": "40007",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40007"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gdssecurity.com/l/b/2010/03/12/multiple-dom-based-xss-in-dojo-toolkit-sdk/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21431472"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in dijit/tests/_testCommon.js in Dojo Toolkit SDK before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the theme parameter, as demonstrated by an attack against dijit/tests/form/test_Button.html."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-06-14T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2010-1281",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1281"
},
{
"name": "LO50849",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849"
},
{
"name": "LO50932",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.dojotoolkit.org/ticket/10773"
},
{
"name": "LO50994",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994"
},
{
"name": "LO50833",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833"
},
{
"name": "38964",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38964"
},
{
"name": "LO50958",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958"
},
{
"name": "LO50856",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856"
},
{
"name": "LO50896",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896"
},
{
"name": "40007",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40007"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gdssecurity.com/l/b/2010/03/12/multiple-dom-based-xss-in-dojo-toolkit-sdk/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21431472"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2275",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in dijit/tests/_testCommon.js in Dojo Toolkit SDK before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the theme parameter, as demonstrated by an attack against dijit/tests/form/test_Button.html."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-1281",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1281"
},
{
"name": "LO50849",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849"
},
{
"name": "LO50932",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932"
},
{
"name": "http://bugs.dojotoolkit.org/ticket/10773",
"refsource": "CONFIRM",
"url": "http://bugs.dojotoolkit.org/ticket/10773"
},
{
"name": "LO50994",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994"
},
{
"name": "LO50833",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833"
},
{
"name": "38964",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38964"
},
{
"name": "LO50958",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958"
},
{
"name": "LO50856",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856"
},
{
"name": "LO50896",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896"
},
{
"name": "40007",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40007"
},
{
"name": "http://www.gdssecurity.com/l/b/2010/03/12/multiple-dom-based-xss-in-dojo-toolkit-sdk/",
"refsource": "MISC",
"url": "http://www.gdssecurity.com/l/b/2010/03/12/multiple-dom-based-xss-in-dojo-toolkit-sdk/"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21431472",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21431472"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2275",
"datePublished": "2010-06-14T19:00:00Z",
"dateReserved": "2010-06-14T00:00:00Z",
"dateUpdated": "2024-09-16T17:03:04.635Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dojotoolkit:dojo:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.4.1\", \"matchCriteriaId\": \"B30B4F51-AFF3-446E-9F67-1DC9297929FD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dojotoolkit:dojo:0.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"83852B57-3A53-4D77-A96F-981AAE36E420\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dojotoolkit:dojo:0.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A1B6EEA9-7DA2-4654-93AC-C689E305BB7F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dojotoolkit:dojo:0.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BFD690AA-F874-45F0-BF71-D9E7CD27F7A7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dojotoolkit:dojo:0.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"76E3DF57-4959-4442-B480-2AC6602290D9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dojotoolkit:dojo:0.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"754DB42B-D1C6-4673-B795-9DBBFFC0B6CF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dojotoolkit:dojo:0.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"19A04248-DA1A-4D71-A7D2-49D908352D05\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dojotoolkit:dojo:0.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1521836E-BCFD-4665-A461-F9CD0DA2195D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dojotoolkit:dojo:0.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"528A98A5-751F-40F1-9AF7-0CB84D0E154A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dojotoolkit:dojo:0.4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DA636E72-459D-44A8-8278-4E5091975D25\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dojotoolkit:dojo:0.4.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A419DC98-A35B-4DFD-994C-B7B31CBE14A0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dojotoolkit:dojo:0.9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"096A2AB6-5CED-47CC-81EC-6D4D4A890777\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dojotoolkit:dojo:0.9.0:beta:*:*:*:*:*:*\", \"matchCriteriaId\": \"1914405D-491F-4CDF-89D5-B8DD7FC63ED0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dojotoolkit:dojo:1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B97B59B4-4B4C-4506-8FDF-FA6ADCE0D128\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dojotoolkit:dojo:1.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"03BC2181-EB91-4E3C-A8D1-EB10A8C931D9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dojotoolkit:dojo:1.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6A01BDB4-3A20-4834-B9AA-712359938834\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dojotoolkit:dojo:1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F26DD9CB-1C3A-4C92-A012-86BBE1E02488\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dojotoolkit:dojo:1.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A30618B0-5361-44E6-A92E-F37C2C597E2E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dojotoolkit:dojo:1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C1A83DF6-675C-4AFA-BABC-65C6E4C73215\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dojotoolkit:dojo:1.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EAA89367-3736-470C-9AB0-C2F3264837AC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dojotoolkit:dojo:1.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E5116D8F-B46F-404A-804A-26EFD7FA1AFE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dojotoolkit:dojo:1.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AB69EAEF-21A2-48D4-9A11-674A900E6B2C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dojotoolkit:dojo:1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"111D0158-345D-45DD-81F5-51E4A95E61B9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dojotoolkit:dojo:1.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"65D44E2A-CAED-4B16-AAF3-A3460341D1ED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dojotoolkit:dojo:1.3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0587636C-C1CC-4F28-AD99-5C5DD6899337\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dojotoolkit:dojo:1.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A3DED8A3-F451-43EB-9FE1-F3AB5E935754\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Cross-site scripting (XSS) vulnerability in dijit/tests/_testCommon.js in Dojo Toolkit SDK before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the theme parameter, as demonstrated by an attack against dijit/tests/form/test_Button.html.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de ejecuci\\u00f3n de secuencias en sitios cruzados(XSS) en Dijit/tests/_testCommon.js en Dojo Toolkit SDK antes de v1.4.2 permite a atacantes remotos inyectar HTML o secuencias de comandos web a trav\\u00e9s del par\\u00e1metro \u0027theme\u0027, como lo demuestra un ataque contra Dijit/tests/form/test_Button.html.\"}]",
"id": "CVE-2010-2275",
"lastModified": "2024-11-21T01:16:17.910",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2010-06-15T14:30:01.517",
"references": "[{\"url\": \"http://bugs.dojotoolkit.org/ticket/10773\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://secunia.com/advisories/38964\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/40007\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www-01.ibm.com/support/docview.wss?uid=swg21431472\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.gdssecurity.com/l/b/2010/03/12/multiple-dom-based-xss-in-dojo-toolkit-sdk/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2010/1281\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://bugs.dojotoolkit.org/ticket/10773\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://secunia.com/advisories/38964\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/40007\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www-01.ibm.com/support/docview.wss?uid=swg21431472\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.gdssecurity.com/l/b/2010/03/12/multiple-dom-based-xss-in-dojo-toolkit-sdk/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2010/1281\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2010-2275\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2010-06-15T14:30:01.517\",\"lastModified\":\"2024-11-21T01:16:17.910\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting (XSS) vulnerability in dijit/tests/_testCommon.js in Dojo Toolkit SDK before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the theme parameter, as demonstrated by an attack against dijit/tests/form/test_Button.html.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de ejecuci\u00f3n de secuencias en sitios cruzados(XSS) en Dijit/tests/_testCommon.js en Dojo Toolkit SDK antes de v1.4.2 permite a atacantes remotos inyectar HTML o secuencias de comandos web a trav\u00e9s del par\u00e1metro \u0027theme\u0027, como lo demuestra un ataque contra Dijit/tests/form/test_Button.html.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dojotoolkit:dojo:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.4.1\",\"matchCriteriaId\":\"B30B4F51-AFF3-446E-9F67-1DC9297929FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dojotoolkit:dojo:0.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83852B57-3A53-4D77-A96F-981AAE36E420\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dojotoolkit:dojo:0.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1B6EEA9-7DA2-4654-93AC-C689E305BB7F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dojotoolkit:dojo:0.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFD690AA-F874-45F0-BF71-D9E7CD27F7A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dojotoolkit:dojo:0.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"76E3DF57-4959-4442-B480-2AC6602290D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dojotoolkit:dojo:0.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"754DB42B-D1C6-4673-B795-9DBBFFC0B6CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dojotoolkit:dojo:0.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"19A04248-DA1A-4D71-A7D2-49D908352D05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dojotoolkit:dojo:0.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1521836E-BCFD-4665-A461-F9CD0DA2195D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dojotoolkit:dojo:0.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"528A98A5-751F-40F1-9AF7-0CB84D0E154A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dojotoolkit:dojo:0.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA636E72-459D-44A8-8278-4E5091975D25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dojotoolkit:dojo:0.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A419DC98-A35B-4DFD-994C-B7B31CBE14A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dojotoolkit:dojo:0.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"096A2AB6-5CED-47CC-81EC-6D4D4A890777\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dojotoolkit:dojo:0.9.0:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"1914405D-491F-4CDF-89D5-B8DD7FC63ED0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dojotoolkit:dojo:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B97B59B4-4B4C-4506-8FDF-FA6ADCE0D128\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dojotoolkit:dojo:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03BC2181-EB91-4E3C-A8D1-EB10A8C931D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dojotoolkit:dojo:1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A01BDB4-3A20-4834-B9AA-712359938834\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dojotoolkit:dojo:1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F26DD9CB-1C3A-4C92-A012-86BBE1E02488\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dojotoolkit:dojo:1.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A30618B0-5361-44E6-A92E-F37C2C597E2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dojotoolkit:dojo:1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C1A83DF6-675C-4AFA-BABC-65C6E4C73215\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dojotoolkit:dojo:1.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EAA89367-3736-470C-9AB0-C2F3264837AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dojotoolkit:dojo:1.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5116D8F-B46F-404A-804A-26EFD7FA1AFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dojotoolkit:dojo:1.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB69EAEF-21A2-48D4-9A11-674A900E6B2C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dojotoolkit:dojo:1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"111D0158-345D-45DD-81F5-51E4A95E61B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dojotoolkit:dojo:1.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"65D44E2A-CAED-4B16-AAF3-A3460341D1ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dojotoolkit:dojo:1.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0587636C-C1CC-4F28-AD99-5C5DD6899337\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dojotoolkit:dojo:1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3DED8A3-F451-43EB-9FE1-F3AB5E935754\"}]}]}],\"references\":[{\"url\":\"http://bugs.dojotoolkit.org/ticket/10773\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://secunia.com/advisories/38964\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/40007\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21431472\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.gdssecurity.com/l/b/2010/03/12/multiple-dom-based-xss-in-dojo-toolkit-sdk/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/1281\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://bugs.dojotoolkit.org/ticket/10773\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://secunia.com/advisories/38964\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/40007\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21431472\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.gdssecurity.com/l/b/2010/03/12/multiple-dom-based-xss-in-dojo-toolkit-sdk/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/1281\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.