CVE-2010-2274Open Redirect in Dojo

CWE-601Open Redirect6 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
1.0%
top 23.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Linuxfoundation DojoDojotoolkit Dojo
Timeline
PublishedJun 15
Latest updateMay 17

Description

Multiple open redirect vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, util/buildscripts/jslib/buildUtil.js, an

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

Debianlinuxfoundation/dojo< 1.4.2+dfsg-1+3
NVDdojotoolkit/dojo14 versions+13

Patches

Patch: dojotoolkit.orgPatch: dojotoolkit.org

🔴Vulnerability Details

4
GHSA
Dojo Open Redirect vulnerability2022-05-17
OSV
Dojo Open Redirect vulnerability2022-05-17
OSV
CVE-2010-2274: Multiple open redirect vulnerabilities in Dojo 12010-06-15
CVEList
CVE-2010-2274: Multiple open redirect vulnerabilities in Dojo 12010-06-14

📋Vendor Advisories

1
Debian
CVE-2010-2274: dojo - Multiple open redirect vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before ...2010
CVE-2010-2274 — Open Redirect in Dojotoolkit Dojo | cvebase