Cross-site scripting (XSS) vulnerability in framework/source/resource/qx/test/jsonp_primitive.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote attackers to inject arbitrary web script or HTML via the callback parameter.
References
Configurations
Configuration 1 (hide)
AND |
|
History
No history.
Information
Published : 2011-04-18 18:55
Updated : 2024-02-28 11:41
NVD link : CVE-2011-1714
Mitre link : CVE-2011-1714
CVE.ORG link : CVE-2011-1714
JSON object : View
Products Affected
eyeos
- eyeos
qooxdoo
- qooxdoo
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')