CVE Vulnerability

CVE-2018-1000665

Dojo Dojo Objective Harness (DOH) version prior to version 1.14 contains a Cross Site Scripting (XSS) vulnerability in unit.html and testsDOH/_base/loader/i18n-exhaustive/i18n-test/unit.html and testsDOH/_base/i18nExhaustive.js in the DOH that can result in Victim attacked through their browser - deliver malware, steal HTTP cookies, bypass CORS trust. This attack appear to be exploitable via Victims are typically lured to a web site under the attacker's control; the XSS vulnerability on the target domain is silently exploited without the victim's knowledge. This vulnerability appears to have been fixed in 1.14.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

6.1 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://github.com/dojo/dojo/pull/307 Third Party Advisory
https://dojotoolkit.org/blog/dojo-1-14-released Patch Release Notes
Configurations

Configuration 1

cpe:2.3:a:dojotoolkit:dojo:*:*:*:*:*:*:*:*
Information

Published : 2018-09-06 05:29

Updated : 2018-11-07 07:38

NVD link : CVE-2018-1000665

Mitre link : CVE-2018-1000665

Products Affected

Dojo

Dojotoolkit

CWE
CWE-79