CVE-2010-2275: XSS
Published Jun 14, 2010
Cross-site scripting (XSS) vulnerability in dijit/tests/testCommon.js in Dojo Toolkit SDK before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the theme parameter, as demonstrated by an attack against dijit/tests/form/testButton.html.
Affected Software
26 affected components
Dojotoolkit Dojo<=1.4.1
Dojotoolkit Dojo=0.1.0
Dojotoolkit Dojo=0.2.0
Dojotoolkit Dojo=0.2.1
Dojotoolkit Dojo=0.2.2
Dojotoolkit Dojo=0.3.0
Dojotoolkit Dojo=0.3.1
Dojotoolkit Dojo=0.4.0
Dojotoolkit Dojo=0.4.1
Dojotoolkit Dojo=0.4.2
Dojotoolkit Dojo=0.4.3
Dojotoolkit Dojo=0.9.0
Dojotoolkit Dojo=0.9.0-beta
Dojotoolkit Dojo=1.0
Dojotoolkit Dojo=1.0.1
Dojotoolkit Dojo=1.0.2
Dojotoolkit Dojo=1.1
Dojotoolkit Dojo=1.1.1
Dojotoolkit Dojo=1.2
Dojotoolkit Dojo=1.2.1
Dojotoolkit Dojo=1.2.2
Dojotoolkit Dojo=1.2.3
Dojotoolkit Dojo=1.3
Dojotoolkit Dojo=1.3.1
Dojotoolkit Dojo=1.3.2
Dojotoolkit Dojo=1.4
Event History
Jun 14, 2010
CVE Published
via MITRE·07:00 PM
Data Sourced
via MITRE·07:00 PM
Frequently Asked Questions
1. What is the severity of CVE-2010-2275?
CVE-2010-2275 is classified as a medium severity vulnerability due to its potential for cross-site scripting attacks.
2. How do I fix CVE-2010-2275?
To fix CVE-2010-2275, you should upgrade to Dojo Toolkit SDK version 1.4.2 or later.
3. What does CVE-2010-2275 affect?
CVE-2010-2275 affects various versions of the Dojo Toolkit SDK prior to 1.4.2.
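4. How does the CVE-2010-2275 exploit work?
CVE-2010-2275 allows remote attackers to inject arbitrary web script or HTML through the theme parameter handled by dijit/tests/testCommon.js, as demonstrated against dijit/tests/form/testButton.html.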
5. Is CVE-2010-2275 still a risk if I use a patched version of Dojo Toolkit?
If you are using a patched version of Dojo Toolkit, CVE-2010-2275 should no longer pose a risk.