CVE-2008-6681

Cross-site scripting (XSS) vulnerability in dijit.Editor in Dojo before 1.1 allows remote attackers to inject arbitrary web script or HTML via XML entities in a TEXTAREA element.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://trac.dojotoolkit.org/ticket/2140
http://www.dojotoolkit.org/book/dojo-1-1-release-notes	Exploit
http://www.securityfocus.com/bid/34661
https://exchange.xforce.ibmcloud.com/vulnerabilities/49883

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:dojotoolkit:dojo::::::::
	cpe:2.3:a:dojotoolkit:dojo:0.1.0:::::::*
	cpe:2.3:a:dojotoolkit:dojo:0.2.0:::::::*
	cpe:2.3:a:dojotoolkit:dojo:0.2.1:::::::*
	cpe:2.3:a:dojotoolkit:dojo:0.2.2:::::::*
	cpe:2.3:a:dojotoolkit:dojo:0.3.0:::::::*
	cpe:2.3:a:dojotoolkit:dojo:0.3.1:::::::*
	cpe:2.3:a:dojotoolkit:dojo:0.4.0:::::::*
	cpe:2.3:a:dojotoolkit:dojo:0.4.1:::::::*
	cpe:2.3:a:dojotoolkit:dojo:0.4.2:::::::*
	cpe:2.3:a:dojotoolkit:dojo:0.4.3:::::::*
	cpe:2.3:a:dojotoolkit:dojo:0.9.0:::::::*

History

No history.

Information

Published : 2009-04-09 15:08

Updated : 2024-02-28 11:21

NVD link : CVE-2008-6681

Mitre link : CVE-2008-6681

CVE.ORG link : CVE-2008-6681

JSON object : View

Products Affected

dojotoolkit

dojo

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2008-6681", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2009-04-09T15:08:35.530", "references": [{"url": "http://trac.dojotoolkit.org/ticket/2140", "source": "cve@mitre.org"}, {"url": "http://www.dojotoolkit.org/book/dojo-1-1-release-notes", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/34661", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49883", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in dijit.Editor in Dojo before 1.1 allows remote attackers to inject arbitrary web script or HTML via XML entities in a TEXTAREA element."}, {"lang": "es", "value": "vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en dijit.Editor en Dojo anteriores a v1.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de entidades en un elemento TEXTAREA."}], "lastModified": "2017-08-17T01:29:29.020", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dojotoolkit:dojo:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72B44884-7A73-4E52-BF22-751E824E1E5B", "versionEndIncluding": "1.0"}, {"criteria": "cpe:2.3:a:dojotoolkit:dojo:0.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83852B57-3A53-4D77-A96F-981AAE36E420"}, {"criteria": "cpe:2.3:a:dojotoolkit:dojo:0.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1B6EEA9-7DA2-4654-93AC-C689E305BB7F"}, {"criteria": "cpe:2.3:a:dojotoolkit:dojo:0.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BFD690AA-F874-45F0-BF71-D9E7CD27F7A7"}, {"criteria": "cpe:2.3:a:dojotoolkit:dojo:0.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76E3DF57-4959-4442-B480-2AC6602290D9"}, {"criteria": "cpe:2.3:a:dojotoolkit:dojo:0.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "754DB42B-D1C6-4673-B795-9DBBFFC0B6CF"}, {"criteria": "cpe:2.3:a:dojotoolkit:dojo:0.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19A04248-DA1A-4D71-A7D2-49D908352D05"}, {"criteria": "cpe:2.3:a:dojotoolkit:dojo:0.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1521836E-BCFD-4665-A461-F9CD0DA2195D"}, {"criteria": "cpe:2.3:a:dojotoolkit:dojo:0.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "528A98A5-751F-40F1-9AF7-0CB84D0E154A"}, {"criteria": "cpe:2.3:a:dojotoolkit:dojo:0.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA636E72-459D-44A8-8278-4E5091975D25"}, {"criteria": "cpe:2.3:a:dojotoolkit:dojo:0.4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A419DC98-A35B-4DFD-994C-B7B31CBE14A0"}, {"criteria": "cpe:2.3:a:dojotoolkit:dojo:0.9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "096A2AB6-5CED-47CC-81EC-6D4D4A890777"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}