CVE-2011-1714

EPSS 8.6%

QooxDoo XSS in Callback Parameter

發布日:2022/5/17修改日:2024/1/19

描述

Cross-site scripting (XSS) vulnerability in `framework/source/resource/qx/test/jsonp_primitive.php` in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote attackers to inject arbitrary web script or HTML via the callback parameter.

受影響套件(1)

npm/qooxdoofrom 0, <= 1.3

參考連結(6)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2011-1714
WEBhttps://exchange.xforce.ibmcloud.com/vulnerabilities/66574
WEBhttps://web.archive.org/web/20110410180449/http://blog.eyeos.org/en/2011/04/07/about-some-eyeos-security-issues
WEBhttps://web.archive.org/web/20201207203617/http://www.autosectools.com/Advisories/eyeOS.2.3_Reflected.Cross-site.Scripting_172.html
WEBhttps://web.archive.org/web/20201207203620/http://www.securityfocus.com/bid/47184
WEBhttp://www.exploit-db.com/exploits/17127