gsd - gsd-2010-2273

gsd-2010-2273

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Multiple cross-site scripting (XSS) vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, and util/buildscripts/jslib/buildUtil.js, as demonstrated by the (1) dojoUrl and (2) testUrl parameters to util/doh/runner.html.

Aliases

CVE-2010-2273

Aliases

CVE-2010-2273

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-2273",
    "description": "Multiple cross-site scripting (XSS) vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, and util/buildscripts/jslib/buildUtil.js, as demonstrated by the (1) dojoUrl and (2) testUrl parameters to util/doh/runner.html.",
    "id": "GSD-2010-2273"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-2273"
      ],
      "details": "Multiple cross-site scripting (XSS) vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, and util/buildscripts/jslib/buildUtil.js, as demonstrated by the (1) dojoUrl and (2) testUrl parameters to util/doh/runner.html.",
      "id": "GSD-2010-2273",
      "modified": "2023-12-13T01:21:31.186557Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2010-2273",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple cross-site scripting (XSS) vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, and util/buildscripts/jslib/buildUtil.js, as demonstrated by the (1) dojoUrl and (2) testUrl parameters to util/doh/runner.html."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ADV-2010-1281",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2010/1281"
          },
          {
            "name": "LO50849",
            "refsource": "AIXAPAR",
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849"
          },
          {
            "name": "LO50932",
            "refsource": "AIXAPAR",
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932"
          },
          {
            "name": "http://bugs.dojotoolkit.org/ticket/10773",
            "refsource": "CONFIRM",
            "url": "http://bugs.dojotoolkit.org/ticket/10773"
          },
          {
            "name": "LO50994",
            "refsource": "AIXAPAR",
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994"
          },
          {
            "name": "LO50833",
            "refsource": "AIXAPAR",
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833"
          },
          {
            "name": "38964",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/38964"
          },
          {
            "name": "LO50958",
            "refsource": "AIXAPAR",
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958"
          },
          {
            "name": "LO50856",
            "refsource": "AIXAPAR",
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856"
          },
          {
            "name": "http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/",
            "refsource": "CONFIRM",
            "url": "http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/"
          },
          {
            "name": "LO50896",
            "refsource": "AIXAPAR",
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896"
          },
          {
            "name": "40007",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/40007"
          },
          {
            "name": "http://www.gdssecurity.com/l/b/2010/03/12/multiple-dom-based-xss-in-dojo-toolkit-sdk/",
            "refsource": "MISC",
            "url": "http://www.gdssecurity.com/l/b/2010/03/12/multiple-dom-based-xss-in-dojo-toolkit-sdk/"
          },
          {
            "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21431472",
            "refsource": "CONFIRM",
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21431472"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "=1.13.0||\u003e=1.12.0 \u003c1.12.4||\u003e=1.11.0 \u003c1.11.6||\u003e=1.10.0 \u003c1.10.10",
          "affected_versions": "Version 1.13.0, all versions starting from 1.12.0 before 1.12.4, all versions starting from 1.11.0 before 1.11.6, all versions starting from 1.10.0 before 1.10.10",
          "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-79",
            "CWE-79",
            "CWE-937"
          ],
          "date": "2021-08-17",
          "description": "Multiple cross-site scripting (XSS) vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, and util/buildscripts/jslib/buildUtil.js, as demonstrated by the (1) dojoUrl and (2) testUrl parameters to util/doh/runner.html.",
          "fixed_versions": [
            "1.13.1",
            "1.13.1",
            "1.13.1",
            "1.13.1",
            "1.11.6",
            "1.10.10"
          ],
          "identifier": "CVE-2010-2273",
          "identifiers": [
            "GHSA-536q-8gxx-m782",
            "CVE-2010-2273"
          ],
          "not_impacted": "All versions before 1.13.0, all versions after 1.13.0, all versions before 1.12.0, all versions starting from 1.12.4, all versions before 1.11.0, all versions starting from 1.11.6, all versions before 1.10.0, all versions starting from 1.10.10",
          "package_slug": "npm/dojo",
          "pubdate": "2019-09-11",
          "solution": "Upgrade to versions 1.13.1, 1.13.1, 1.13.1, 1.13.1, 1.11.6, 1.10.10 or above.",
          "title": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "urls": [
            "https://github.com/dojo/dojo/pull/307",
            "https://github.com/dojo/dojo/commit/9117ffd5a3863e44c92fcd58564c0da22be858f4",
            "https://bugs.dojotoolkit.org/ticket/10773",
            "https://www.npmjs.com/advisories/972",
            "https://nvd.nist.gov/vuln/detail/CVE-2010-2273",
            "http://bugs.dojotoolkit.org/ticket/10773",
            "http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/",
            "http://secunia.com/advisories/38964",
            "http://secunia.com/advisories/40007",
            "http://www-01.ibm.com/support/docview.wss?uid=swg21431472",
            "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833",
            "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849",
            "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856",
            "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896",
            "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932",
            "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958",
            "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994",
            "http://www.gdssecurity.com/l/b/2010/03/12/multiple-dom-based-xss-in-dojo-toolkit-sdk/",
            "http://www.vupen.com/english/advisories/2010/1281",
            "https://github.com/advisories/GHSA-536q-8gxx-m782"
          ],
          "uuid": "9b5fc293-6a9a-4880-95f7-ba8054c5119d"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:dojotoolkit:dojo:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dojotoolkit:dojo:1.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dojotoolkit:dojo:1.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dojotoolkit:dojo:1.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dojotoolkit:dojo:1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dojotoolkit:dojo:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dojotoolkit:dojo:1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dojotoolkit:dojo:1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dojotoolkit:dojo:1.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dojotoolkit:dojo:1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dojotoolkit:dojo:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dojotoolkit:dojo:1.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dojotoolkit:dojo:1.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dojotoolkit:dojo:1.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-2273"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, and util/buildscripts/jslib/buildUtil.js, as demonstrated by the (1) dojoUrl and (2) testUrl parameters to util/doh/runner.html."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "LO50896",
              "refsource": "AIXAPAR",
              "tags": [],
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896"
            },
            {
              "name": "LO50994",
              "refsource": "AIXAPAR",
              "tags": [],
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994"
            },
            {
              "name": "http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/"
            },
            {
              "name": "40007",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/40007"
            },
            {
              "name": "ADV-2010-1281",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/1281"
            },
            {
              "name": "http://bugs.dojotoolkit.org/ticket/10773",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit"
              ],
              "url": "http://bugs.dojotoolkit.org/ticket/10773"
            },
            {
              "name": "LO50856",
              "refsource": "AIXAPAR",
              "tags": [],
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856"
            },
            {
              "name": "38964",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/38964"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21431472",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21431472"
            },
            {
              "name": "LO50849",
              "refsource": "AIXAPAR",
              "tags": [],
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849"
            },
            {
              "name": "http://www.gdssecurity.com/l/b/2010/03/12/multiple-dom-based-xss-in-dojo-toolkit-sdk/",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.gdssecurity.com/l/b/2010/03/12/multiple-dom-based-xss-in-dojo-toolkit-sdk/"
            },
            {
              "name": "LO50833",
              "refsource": "AIXAPAR",
              "tags": [],
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833"
            },
            {
              "name": "LO50958",
              "refsource": "AIXAPAR",
              "tags": [],
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958"
            },
            {
              "name": "LO50932",
              "refsource": "AIXAPAR",
              "tags": [],
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2010-06-16T04:00Z",
      "publishedDate": "2010-06-15T14:30Z"
    }
  }
}

CVE-2010-2273 (GCVE-0-2010-2273)

Vulnerability from cvelistv5

Published

2010-06-14 19:00

Modified

2024-09-16 16:28

Severity ?

CWE

Summary

References

►

URL

Tags

	http://www.vupen.com/english/advisories/2010/1281	vdb-entry, x_refsource_VUPEN
	http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849	vendor-advisory, x_refsource_AIXAPAR
	http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932	vendor-advisory, x_refsource_AIXAPAR
	http://bugs.dojotoolkit.org/ticket/10773	x_refsource_CONFIRM
	http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994	vendor-advisory, x_refsource_AIXAPAR
	http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833	vendor-advisory, x_refsource_AIXAPAR
	http://secunia.com/advisories/38964	third-party-advisory, x_refsource_SECUNIA
	http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958	vendor-advisory, x_refsource_AIXAPAR
	http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856	vendor-advisory, x_refsource_AIXAPAR
	http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/	x_refsource_CONFIRM
	http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896	vendor-advisory, x_refsource_AIXAPAR
	http://secunia.com/advisories/40007	third-party-advisory, x_refsource_SECUNIA
	http://www.gdssecurity.com/l/b/2010/03/12/multiple-dom-based-xss-in-dojo-toolkit-sdk/	x_refsource_MISC
	http://www-01.ibm.com/support/docview.wss?uid=swg21431472	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website