Vulnerability Details CVE-2007-6726
Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.015
EPSS Ranking 80.4%
CVSS Severity
CVSS v2 Score 4.3
References
- http://www.dojotoolkit.org/0-4-3-and-updated-0-4-1-0-4-2-builds
- http://www.dojotoolkit.org/2007/05/26/0-4-3-released-0-4-2-and-0-4-1-users-should-upgrade-immediately
- http://www.dojotoolkit.org/releaseNotes/0.4.3
- http://www.securityfocus.com/bid/34660
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49884
- https://issues.apache.org/struts/browse/WW-2134
- http://www.dojotoolkit.org/0-4-3-and-updated-0-4-1-0-4-2-builds
- http://www.dojotoolkit.org/2007/05/26/0-4-3-released-0-4-2-and-0-4-1-users-should-upgrade-immediately
- http://www.dojotoolkit.org/releaseNotes/0.4.3
- http://www.securityfocus.com/bid/34660
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49884
- https://issues.apache.org/struts/browse/WW-2134
Products affected by CVE-2007-6726
-
cpe:2.3:a:apache:struts:2.0.9
-
cpe:2.3:a:dojotoolkit:dojo:0.4.1
-
cpe:2.3:a:dojotoolkit:dojo:0.4.2