Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6726

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2007-6726
Last Modified 28 Apr 2009 01:22:47
Published 09 Apr 2009 11:08:35
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-6726

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.

Vulnerable Systems

Application

  • Apache Struts 2.0.9

  • Dojotoolkit Dojo 0.4.1

  • Dojotoolkit Dojo 0.4.2


References

CONFIRM - http://www.dojotoolkit.org/releaseNotes/0.4.3

CONFIRM - http://www.dojotoolkit.org/2007/05/26/0-4-3-released-0-4-2-and-0-4-1-users-should-upgrade-immediately

CONFIRM - http://www.dojotoolkit.org/0-4-3-and-updated-0-4-1-0-4-2-builds

CONFIRM - https://issues.apache.org/struts/browse/WW-2134

XF - dojo-xipclient-xipserver-xss(49884)

BID - 34660


Last Updated: 27 May 2016 10:46:36