Description
Cross-site scripting (XSS) vulnerability in framework/source/resource/qx/test/jsonp_primitive.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3 and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the callback parameter.
Recommendation
No fix is available yet. The following versions are affected:
- <= 1.3
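With no fixed release listed, a JSONP endpoint can defend itself by accepting only identifier-shaped values for the callback parameter and serving the result as JavaScript with content sniffing disabled. The sketch below is an added example, not code from QooxDoo or eyeOS; `isSafeCallback`, `escapeJsonForScript`, `buildJsonpResponse` and the 64-character limit are assumptions made for illustration.

```javascript
// Added example (hypothetical names): hardened JSONP response builder.
// Accept only a dotted JavaScript identifier path, e.g. "cb" or "qx.io.cb1".
const CALLBACK_RE = /^[A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*)*$/;
const MAX_CALLBACK_LEN = 64; // assumed limit, not taken from the advisory

function isSafeCallback(name) {
  return typeof name === "string" &&
    name.length <= MAX_CALLBACK_LEN &&
    CALLBACK_RE.test(name);
}

// Escape characters that could end a <script> block or break older JS parsers.
function escapeJsonForScript(json) {
  return json
    .replace(/</g, "\\u003c")
    .replace(/>/g, "\\u003e")
    .replace(/&/g, "\\u0026")
    .replace(/\u2028/g, "\\u2028")
    .replace(/\u2029/g, "\\u2029");
}

function buildJsonpResponse(callback, data) {
  const base = { "X-Content-Type-Options": "nosniff" };
  if (!isSafeCallback(callback)) {
    // Reject without echoing the supplied value back into the response.
    return {
      status: 400,
      headers: { ...base, "Content-Type": "text/plain; charset=utf-8" },
      body: "invalid callback",
    };
  }
  const payload = escapeJsonForScript(JSON.stringify(data));
  return {
    status: 200,
    // Never text/html: the browser must not render the body as markup.
    headers: { ...base, "Content-Type": "application/javascript; charset=utf-8" },
    body: `${callback}(${payload});`,
  };
}

// Constructed sample inputs, for illustration only.
for (const cb of ["qx.io.cb1", "<script>alert(1)</script>"]) {
  const res = buildJsonpResponse(cb, { msg: "</script>" });
  console.log(res.status, res.headers["Content-Type"], res.body);
}
```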
References
- GHSA-pchf-755w-jj6v
- exchange.xforce.ibmcloud.com
- www.exploit-db.com
- web.archive.org
- CVE-2011-1714
- CWE-79
- CAPEC-310
- OWASP 2021-A3
- OWASP 2021-A6
Related Issues
- Reflected XSS from the callback handler's error query parameter - CVE-2021-32702
- Pandao Editor.md vulnerable to cross-site scripting (XSS) in editor parameter - CVE-2020-19698
- Pandao Editor.md vulnerable to cross-site scripting (XSS) in iframe src parameter - CVE-2020-19697
- jQuery vulnerable to Cross-Site Scripting (XSS) - CVE-2011-4969
Tags
- npm
- qooxdoo
Last updated on January 19, 2024