 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| CVE ID: | CVE-2010-2273 |
| Description: | Multiple cross-site scripting (XSS) vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, and util/buildscripts/jslib/buildUtil.js, as demonstrated by the (1) dojoUrl and (2) testUrl parameters to util/doh/runner.html. |
| Test IDs: | None available |
| Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2010-2273 AIX APAR: LO50833 http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833 AIX APAR: LO50849 http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849 AIX APAR: LO50856 http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856 AIX APAR: LO50896 http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896 AIX APAR: LO50932 http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932 AIX APAR: LO50958 http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958 AIX APAR: LO50994 http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994 http://www.gdssecurity.com/l/b/2010/03/12/multiple-dom-based-xss-in-dojo-toolkit-sdk/ http://secunia.com/advisories/38964 http://secunia.com/advisories/40007 http://www.vupen.com/english/advisories/2010/1281 |