CVE-2007-6726

Опубликовано: 09 апр. 2009

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.

Ссылки

http://www.dojotoolkit.org/0-4-3-and-updated-0-4-1-0-4-2-builds
Patch
Vendor Advisory
http://www.dojotoolkit.org/2007/05/26/0-4-3-released-0-4-2-and-0-4-1-users-should-upgrade-immediately
Patch
Vendor Advisory
http://www.dojotoolkit.org/releaseNotes/0.4.3
Patch
Vendor Advisory
http://www.securityfocus.com/bid/34660
https://exchange.xforce.ibmcloud.com/vulnerabilities/49884
https://issues.apache.org/struts/browse/WW-2134
Vendor Advisory
http://www.dojotoolkit.org/0-4-3-and-updated-0-4-1-0-4-2-builds
Patch
Vendor Advisory
http://www.dojotoolkit.org/2007/05/26/0-4-3-released-0-4-2-and-0-4-1-users-should-upgrade-immediately
Patch
Vendor Advisory
http://www.dojotoolkit.org/releaseNotes/0.4.3
Patch
Vendor Advisory
http://www.securityfocus.com/bid/34660
https://exchange.xforce.ibmcloud.com/vulnerabilities/49884
https://issues.apache.org/struts/browse/WW-2134
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*

Одно из

cpe:2.3:a:dojotoolkit:dojo:0.4.1:*:*:*:*:*:*:*

cpe:2.3:a:dojotoolkit:dojo:0.4.2:*:*:*:*:*:*:*

EPSS

Процентиль: 82%

0.01747

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-rm26-w253-9qv7

github

почти 4 года назад

Apache Struts Dojo Plugin XSS Vulnerability