CVE-2011-1714

Cross-site scripting (XSS) vulnerability in framework/source/resource/qx/test/jsonp_primitive.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote attackers to inject arbitrary web script or HTML via the callback parameter.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:qooxdoo:qooxdoo:1.3:*:*:*:*:*:*:*
OR cpe:2.3:o:eyeos:eyeos:2.2:*:*:*:*:*:*:*
cpe:2.3:o:eyeos:eyeos:2.3:*:*:*:*:*:*:*

History

No history.

Information

Published : 2011-04-18 18:55

Updated : 2024-02-28 11:41


NVD link : CVE-2011-1714

Mitre link : CVE-2011-1714

CVE.ORG link : CVE-2011-1714


JSON object : View

Products Affected

eyeos

  • eyeos

qooxdoo

  • qooxdoo
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')