CVE-2010-2275

Dojo Toolkit SDK < 1.4.2 - Cross-Site Scripting via Theme Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-2275. PoCs published by Adam Bixby.

AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in Dojo versions prior to 1.4.2. It includes a proof-of-concept URL demonstrating how an attacker could inject arbitrary script code into a vulnerable page.

Description

Cross-site scripting (XSS) vulnerability in dijit/tests/_testCommon.js in Dojo Toolkit SDK before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the theme parameter, as demonstrated by an attack against dijit/tests/form/test_Button.html.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Adam Bixby · textwebappsmultiple

https://www.exploit-db.com/exploits/33764

View Code ZIP pw:eip

The provided text describes a cross-site scripting (XSS) vulnerability in Dojo versions prior to 1.4.2. It includes a proof-of-concept URL demonstrating how an attacker could inject arbitrary script code into a vulnerable page.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Dojo < 1.4.2

No auth needed

Prerequisites: A vulnerable version of Dojo · Ability to craft a malicious URL

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (13)

Core 13

Core References

Various Sources vendor-advisory x_refsource_aixapar

http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849

Various Sources vendor-advisory x_refsource_aixapar

http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932

Various Sources vendor-advisory x_refsource_aixapar

http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994

Various Sources vendor-advisory x_refsource_aixapar

http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833

Various Sources vendor-advisory x_refsource_aixapar

http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958

Various Sources vendor-advisory x_refsource_aixapar

http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856

Various Sources vendor-advisory x_refsource_aixapar

http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896

Various Sources x_refsource_confirm

http://www-01.ibm.com/support/docview.wss?uid=swg21431472

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2010/1281

Exploit x_refsource_confirm

http://bugs.dojotoolkit.org/ticket/10773

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/38964

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/40007

Exploit x_refsource_misc

http://www.gdssecurity.com/l/b/2010/03/12/multiple-dom-based-xss-in-dojo-toolkit-sdk/

Scores

EPSS 0.0290

EPSS Percentile 85.2%

Details

CWE

CWE-79

Status published

Products (25)

dojotoolkit/dojo 0.1.0

dojotoolkit/dojo 0.2.0

dojotoolkit/dojo 0.2.1

dojotoolkit/dojo 0.2.2

dojotoolkit/dojo 0.3.0

dojotoolkit/dojo 0.3.1

dojotoolkit/dojo 0.4.0

dojotoolkit/dojo 0.4.1

dojotoolkit/dojo 0.4.2

dojotoolkit/dojo 0.4.3

... and 15 more

Published Jun 15, 2010

Tracked Since Feb 18, 2026