Description
Cross-site scripting (XSS) vulnerability in dijit/tests/_testCommon.js in Dojo Toolkit SDK before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the theme parameter, as demonstrated by an attack against dijit/tests/form/test_Button.html.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Adam Bixby · textwebappsmultiple
https://www.exploit-db.com/exploits/33764
References (13)
Core 13
Core References
Various Sources vendor-advisory
x_refsource_aixapar
http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849
Various Sources vendor-advisory
x_refsource_aixapar
http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932
Various Sources vendor-advisory
x_refsource_aixapar
http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994
Various Sources vendor-advisory
x_refsource_aixapar
http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833
Various Sources vendor-advisory
x_refsource_aixapar
http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958
Various Sources vendor-advisory
x_refsource_aixapar
http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856
Various Sources vendor-advisory
x_refsource_aixapar
http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896
Various Sources x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21431472
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1281
Exploit x_refsource_confirm
http://bugs.dojotoolkit.org/ticket/10773
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/38964
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/40007
Exploit x_refsource_misc
http://www.gdssecurity.com/l/b/2010/03/12/multiple-dom-based-xss-in-dojo-toolkit-sdk/
Scores
EPSS
0.1782
EPSS Percentile
95.2%
Details
CWE
CWE-79
Status
published
Products (25)
dojotoolkit/dojo
0.1.0
dojotoolkit/dojo
0.2.0
dojotoolkit/dojo
0.2.1
dojotoolkit/dojo
0.2.2
dojotoolkit/dojo
0.3.0
dojotoolkit/dojo
0.3.1
dojotoolkit/dojo
0.4.0
dojotoolkit/dojo
0.4.1
dojotoolkit/dojo
0.4.2
dojotoolkit/dojo
0.4.3
... and 15 more
Published
Jun 15, 2010
Tracked Since
Feb 18, 2026