CVE-2010-2273
medium
CVSS v3
N/A
CVSS v4
N/A
VIR risk
5.3
Description
Cross-Site Scripting in dojo
Predictions
Exploit likelihood
20%
Patch ETA
N/A
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Exploit-DB
Dojo Toolkit 1.4.1 - '/doh/runner.html' Multiple Cross-Site Scripting Vulnerabilities
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | bookworm | fixed | 1.4.2+dfsg-1 |
| debian | bullseye | fixed | 1.4.2+dfsg-1 |
| debian | forky | fixed | 1.4.2+dfsg-1 |
| debian | sid | fixed | 1.4.2+dfsg-1 |
| debian | trixie | fixed | 1.4.2+dfsg-1 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| dojotoolkit | dojo | 1.0 | |
| dojotoolkit | dojo | 1.0.1 | |
| dojotoolkit | dojo | 1.0.2 | |
| dojotoolkit | dojo | 1.1 | |
| dojotoolkit | dojo | 1.1.1 | |
| dojotoolkit | dojo | 1.2 | |
| dojotoolkit | dojo | 1.2.1 | |
| dojotoolkit | dojo | 1.2.2 | |
| dojotoolkit | dojo | 1.2.3 | |
| dojotoolkit | dojo | 1.3 | |
| dojotoolkit | dojo | 1.3.1 | |
| dojotoolkit | dojo | 1.3.2 | |
| dojotoolkit | dojo | 1.4 | |
| dojotoolkit | dojo | 1.4.1 | |
References
- http://bugs.dojotoolkit.org/ticket/10773
- http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/
- http://secunia.com/advisories/38964
- http://secunia.com/advisories/40007
- http://www-01.ibm.com/support/docview.wss?uid=swg21431472
- http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833
- http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849
- http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856
- http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896
- http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932
- http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958
- http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994
- http://www.gdssecurity.com/l/b/2010/03/12/multiple-dom-based-xss-in-dojo-toolkit-sdk/
- http://www.vupen.com/english/advisories/2010/1281
- https://security-tracker.debian.org/tracker/CVE-2010-2273
- https://nvd.nist.gov/vuln/detail/CVE-2010-2273
- https://github.com/dojo/dojo/pull/307
- https://github.com/dojo/dojo/commit/9117ffd5a3863e44c92fcd58564c0da22be858f4
- https://bugs.dojotoolkit.org/ticket/10773
- https://www.npmjs.com/advisories/972
- http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory
- http://www.gdssecurity.com/l/b/2010/03/12/multiple-dom-based-xss-in-dojo-toolkit-sdk
CWEs
CWE-79