CVE-2010-2273
Dojo < 1.13.1 - XSS
Title source: ruleDescription
Multiple cross-site scripting (XSS) vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, and util/buildscripts/jslib/buildUtil.js, as demonstrated by the (1) dojoUrl and (2) testUrl parameters to util/doh/runner.html.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Adam Bixby · textwebappsmultiple
https://www.exploit-db.com/exploits/33765
References (14)
Scores
EPSS
0.4325
EPSS Percentile
97.5%
Details
CWE
CWE-79
Status
published
Products (15)
dojotoolkit/dojo
1.0
dojotoolkit/dojo
1.0.1
dojotoolkit/dojo
1.0.2
dojotoolkit/dojo
1.1
dojotoolkit/dojo
1.1.1
dojotoolkit/dojo
1.2
dojotoolkit/dojo
1.2.1
dojotoolkit/dojo
1.2.2
dojotoolkit/dojo
1.2.3
dojotoolkit/dojo
1.3
... and 5 more
Published
Jun 15, 2010
Tracked Since
Feb 18, 2026