Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-2275 — Cross-site Scripting in Dojo

CWE-79 — Cross-site Scripting6 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

17.8%

top 4.86%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Linuxfoundation Dojo Dojotoolkit Dojo

Timeline

PublishedJun 15

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in dijit/tests/_testCommon.js in Dojo Toolkit SDK before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the theme parameter, as demonstrated by an attack against dijit/tests/form/test_Button.html.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDdojotoolkit/dojo1.4.1+24

▶Debianlinuxfoundation/dojo< 1.4.2+dfsg-1+3

🔴Vulnerability Details

GHSA

GHSA-97wc-2m3g-wmcq: Cross-site scripting (XSS) vulnerability in dijit/tests/_testCommon↗2022-05-17

▶

OSV

CVE-2010-2275: Cross-site scripting (XSS) vulnerability in dijit/tests/_testCommon↗2010-06-15

▶

CVEList

CVE-2010-2275: Cross-site scripting (XSS) vulnerability in dijit/tests/_testCommon↗2010-06-14

▶

💥Exploits & PoCs

Exploit-DB

Dojo Toolkit 1.4.1 - '/dijit/tests/_testCommon.js?theme' Cross-Site Scripting↗2010-03-15

▶

📋Vendor Advisories

Debian

CVE-2010-2275: dojo - Cross-site scripting (XSS) vulnerability in dijit/tests/_testCommon.js in Dojo T...↗2010

▶