Cross-site scripting (XSS) vulnerability in framework/source/resource/qx/test/jsonp_primitive.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote malicious users to inject arbitrary web script or HTML via the callback parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
qooxdoo qooxdoo 1.3 |