CVE-2011-1714

QooxDoo 1.3 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in framework/source/resource/qx/test/jsonp_primitive.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote attackers to inject arbitrary web script or HTML via the callback parameter.

Exploits (1)

exploitdb WORKING POC

by AutoSec Tools · textwebappsphp

https://www.exploit-db.com/exploits/17127

View Code ZIP pw:eip

References (9)

[Various Sources] http://blog.eyeos.org/en/2011/04/07/about-some-eyeos-security-issues/

[Exploit] http://osvdb.org/71718

[Vendor Advisory] http://secunia.com/advisories/43818

[Vendor Advisory] http://secunia.com/advisories/43997

[Exploit] http://www.autosectools.com/Advisories/eyeOS.2.3_Reflected.Cross-site.Scripting_172.html

[Exploit] http://www.exploit-db.com/exploits/17127

[Exploit] http://www.securityfocus.com/bid/47184

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/66574

[Third Party Advisory, VDB Entry] http://osvdb.org/71720

Scores

EPSS 0.0858

EPSS Percentile 92.3%

Classification

CWE

CWE-79

Status draft

Affected Products (2)

qooxdoo/qooxdoo

npm/qooxdoo npm

Timeline

Published Apr 18, 2011

Tracked Since Feb 18, 2026