FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
805603a1-3e7a-11df-a5a1-0050568452ac	dojo -- cross-site scripting and other vulnerabilities The Dojo Toolkit team reports: Some PHP files did not properly escape input. Some files could operate like "open redirects". A bad actor could form an URL that looks like it came from a trusted site, but the user would be redirected or load content from the bad actor's site. A file exposed a more serious cross-site scripting vulnerability with the possibility of executing code on the domain where the file exists. The Dojo build process defaulted to copying over tests and demos, which are normally not needed and just increased the number of files that could be targets of attacks. Discovery 2010-03-11 Entry 2010-04-06 dojo < 1.4.2 http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/ http://osdir.com/ml/bugtraq.security/2010-03/msg00133.html http://packetstormsecurity.org/1003-exploits/dojo-xss.txt http://secunia.com/advisories/38964 http://www.gdssecurity.com/l/b/2010/03/12/multiple-dom-based-xss-in-dojo-toolkit-sdk/

VuXML ID

Description

805603a1-3e7a-11df-a5a1-0050568452ac

dojo -- cross-site scripting and other vulnerabilities

The Dojo Toolkit team reports:

Some PHP files did not properly escape input.

Some files could operate like "open redirects". A bad actor could form an URL that looks like it came from a trusted site, but the user would be redirected or load content from the bad actor's site.

A file exposed a more serious cross-site scripting vulnerability with the possibility of executing code on the domain where the file exists.

The Dojo build process defaulted to copying over tests and demos, which are normally not needed and just increased the number of files that could be targets of attacks.

Discovery 2010-03-11
Entry 2010-04-06
dojo

< 1.4.2

http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/
http://osdir.com/ml/bugtraq.security/2010-03/msg00133.html
http://packetstormsecurity.org/1003-exploits/dojo-xss.txt
http://secunia.com/advisories/38964
http://www.gdssecurity.com/l/b/2010/03/12/multiple-dom-based-xss-in-dojo-toolkit-sdk/