Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-2273: Cross-site Scripting in Dojo

Severity
4.3 MEDIUM (NVD)
EPSS
43.2%
top 2.49%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Timeline
Published: Jun 15
Latest update: Sep 11

Description

Multiple cross-site scripting (XSS) vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, and util/buildscripts/jslib/buildUtil.js, as demonstrated

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages (3 packages)

npm | linuxfoundation/dojo | 1.13.0 | 1.13.1 | +3
Debian | linuxfoundation/dojo | < 1.4.2+dfsg-1 | +3
NVD | dojotoolkit/dojo | 14 versions | +13

Patches

🔴 Vulnerability Details (4)

OSV: Cross-Site Scripting in dojo (2019-09-11)
GHSA: Cross-Site Scripting in dojo (2019-09-11)
OSV: CVE-2010-2273: Multiple cross-site scripting (XSS) vulnerabilities in Dojo 1 (2010-06-15)
CVEList: CVE-2010-2273: Multiple cross-site scripting (XSS) vulnerabilities in Dojo 1 (2010-06-14)

💥 Exploits & PoCs (1)

Exploit-DB: Dojo Toolkit 1.4.1 - '/doh/runner.html' Multiple Cross-Site Scripting Vulnerabilities (2010-03-15)

📋 Vendor Advisories (1)

Debian: CVE-2010-2273: dojo - Multiple cross-site scripting (XSS) vulnerabilities in Dojo 1.0.x before 1.0.3, ... (2010)
CVE-2010-2273 — Cross-site Scripting in Dojo | cvebase