Description
Cross-site scripting (XSS) vulnerability in framework/source/resource/qx/test/jsonp_primitive.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the callback parameter.
Recommendation
No fix is available yet. The following versions are affected:
- <= 1.3
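With no upstream fix, the usual mitigation for a JSONP endpoint that reflects its callback parameter is to accept only identifier-shaped callback names and to serve the response as JavaScript rather than HTML. The following is an added example, not qooxdoo's or eyeOS's code; the function names, the 64-character limit and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example: a hypothetical JSONP responder, not the contents of
// qooxdoo's jsonp_primitive.php.

// Return the callback name if it is a dotted JavaScript identifier path
// (e.g. "cb" or "qx.test.cb"); otherwise return null.
function safe_jsonp_callback($raw)
{
    if (!is_string($raw) || strlen($raw) > 64) {   // length cap is an assumption
        return null;
    }
    // \A ... \z anchor the whole string; "$" would also accept a trailing newline.
    $ident = '[A-Za-z_$][A-Za-z0-9_$]*';
    if (preg_match('/\A' . $ident . '(?:\.' . $ident . ')*\z/', $raw) !== 1) {
        return null;
    }
    return $raw;
}

// Build array(status, content type, body) without touching global state.
function render_jsonp($rawCallback, $data)
{
    $callback = safe_jsonp_callback($rawCallback);
    if ($callback === null) {
        // Fixed error text: the rejected value is never echoed back.
        return array(400, 'text/plain; charset=utf-8', 'invalid callback');
    }
    // Hex-escape <, >, &, ' and " so the payload is inert if ever rendered as HTML.
    $json = json_encode($data, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    return array(200, 'application/javascript; charset=utf-8', $callback . '(' . $json . ');');
}

if (PHP_SAPI === 'cli') {
    // Constructed sample inputs: two well-formed names, three that must be rejected.
    foreach (array('myCallback', 'qx.test.cb', '<b>html</b>', "cb\n", 'a(b)') as $sample) {
        list($status, $type, $body) = render_jsonp($sample, array('ok' => true));
        printf("%-16s => %d %s\n", json_encode($sample), $status, $body);
    }
} else {
    $raw = isset($_GET['callback']) ? $_GET['callback'] : null;
    list($status, $type, $body) = render_jsonp($raw, array('ok' => true));
    http_response_code($status);
    // PHP sends text/html by default, so the type must be set explicitly.
    header('Content-Type: ' . $type);
    header('X-Content-Type-Options: nosniff');
    echo $body;
}
```

Because the affected file lives under a test resource path, removing or blocking it on deployed systems is also an option where nothing depends on it.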
References
- GHSA-pchf-755w-jj6v
- exchange.xforce.ibmcloud.com
- www.exploit-db.com
- web.archive.org
- CVE-2011-1714
- CWE-79
- CAPEC-310
- OWASP 2021-A3
- OWASP 2021-A6
Tags: npm, qooxdoo
Last updated on January 19, 2024