HIGH✓ PATCH🇬🇧 English

CVE-2010-2276

CVSS 10.0v2.0pub. 2010-06-15upd. 2026-04-29

The default configuration of the build process in Dojo 0.4.x before 0.4.4, 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 has the copyTests=true and mini=false options, which makes it easier for remote attackers to have an unspecified impact via a request to a (1) test or (2) demo component.

oryginał EN
CVSS Vector
AV:N/AC:L/Au:N/C:C/I:C/A:C
  • Dojotoolkit Dojo

    APP
    Dojotoolkit
    0.4.00.4.10.4.20.4.31.01.0.11.0.21.11.1.11.21.2.11.2.21.2.31.31.3.1+ 3 więcej
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2018-15494CRITICAL9.8ten sam produkt

In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid.

CVE-2010-2272HIGH10.0ten sam produkt

Unspecified vulnerability in iframe_history.html in Dojo 0.4.x before 0.4.4 has unknown impact and remote atta...

CVE-2018-1000665MEDIUM6.1ten sam produkt

Dojo Dojo Objective Harness (DOH) version prior to version 1.14 contains a Cross Site Scripting (XSS) vulnerab...

CVE-2018-6561MEDIUM6.1ten sam produkt

dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element.

CVE-2015-5654MEDIUM4.3ten sam produkt

Cross-site scripting (XSS) vulnerability in Dojo Toolkit before 1.2 allows remote attackers to inject arbitrar...

CVE-2010-2276 — HIGH 10.0 | CVEbaza.pl