CVE-2011-1714

EPSS 8.6%

QooxDoo XSS in Callback Parameter

Published: 5/17/2022Modified: 1/19/2024

Description

Cross-site scripting (XSS) vulnerability in `framework/source/resource/qx/test/jsonp_primitive.php` in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote attackers to inject arbitrary web script or HTML via the callback parameter.

Affected packages (1)

npm/qooxdoofrom 0, <= 1.3

References (6)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2011-1714
WEBhttps://exchange.xforce.ibmcloud.com/vulnerabilities/66574
WEBhttps://web.archive.org/web/20110410180449/http://blog.eyeos.org/en/2011/04/07/about-some-eyeos-security-issues
WEBhttps://web.archive.org/web/20201207203617/http://www.autosectools.com/Advisories/eyeOS.2.3_Reflected.Cross-site.Scripting_172.html
WEBhttps://web.archive.org/web/20201207203620/http://www.securityfocus.com/bid/47184
WEBhttp://www.exploit-db.com/exploits/17127