CVE-2010-2274

Multiple open redirect vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, util/buildscripts/jslib/buildUtil.js, and util/doh/runner.html.

Published: Jun 15, 2010
Updated: Apr 13, 2023
CVE: CVE-2010-2274
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
dojotoolkit / dojo	1.2.1	1.2.1.x
dojotoolkit / dojo	1.1	1.1.x
dojotoolkit / dojo	1.3.2	1.3.2.x
dojotoolkit / dojo	1.0.1	1.0.1.x
dojotoolkit / dojo	1.2.3	1.2.3.x
dojotoolkit / dojo	1.0	1.0.x
dojotoolkit / dojo	1.3.1	1.3.1.x
dojotoolkit / dojo	1.0.2	1.0.2.x
dojotoolkit / dojo	1.1.1	1.1.1.x
dojotoolkit / dojo	1.3	1.3.x
dojotoolkit / dojo	1.4.1	1.4.1.x
dojotoolkit / dojo	1.2.2	1.2.2.x
dojotoolkit / dojo	1.2	1.2.x
dojotoolkit / dojo	1.4	1.4.x

Vulnerability Database

289,697

CVE-2010-2274