Multiple cross-site scripting (XSS) vulnerabilities in Dojo 1.0.x prior to 1.0.3, 1.1.x prior to 1.1.2, 1.2.x prior to 1.2.4, 1.3.x prior to 1.3.3, and 1.4.x prior to 1.4.2 allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, and util/buildscripts/jslib/buildUtil.js, as demonstrated by the (1) dojoUrl and (2) testUrl parameters to util/doh/runner.html.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
dojotoolkit dojo 1.0 |
||
dojotoolkit dojo 1.2.1 |
||
dojotoolkit dojo 1.2.2 |
||
dojotoolkit dojo 1.2.3 |
||
dojotoolkit dojo 1.3 |
||
dojotoolkit dojo 1.0.1 |
||
dojotoolkit dojo 1.1 |
||
dojotoolkit dojo 1.2 |
||
dojotoolkit dojo 1.3.1 |
||
dojotoolkit dojo 1.4 |
||
dojotoolkit dojo 1.0.2 |
||
dojotoolkit dojo 1.1.1 |
||
dojotoolkit dojo 1.3.2 |
||
dojotoolkit dojo 1.4.1 |