CVE-2011-1714 qooxdoo

Package

Manager: npm
Name: qooxdoo
Vulnerable Version: >=0 <=1.3

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.08061 (percentile 0.91791)

Details

QooxDoo XSS in Callback Parameter

Cross-site scripting (XSS) vulnerability in `framework/source/resource/qx/test/jsonp_primitive.php` in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3 and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the callback parameter.

Metadata

Created: 2022-05-17T01:59:37Z
Modified: 2024-01-19T17:22:09Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-pchf-755w-jj6v/GHSA-pchf-755w-jj6v.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-pchf-755w-jj6v
Finding: F008
Auto approve: 1