Home > Vulnerability Database > CVE-2010-2274

Mend.io Vulnerability Database

CVE-2010-2274

Good to know:

Date: June 14, 2010

Multiple open redirect vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, util/buildscripts/jslib/buildUtil.js, and util/doh/runner.html.

Language: JS

Severity Score

3.7

Related Resources (18)

Url: https://web.archive.org/web/20100617172214/http://secunia.com/advisories/40007

Url: http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/

Url: http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory

Url: https://web.archive.org/web/20100629020444/http://secunia.com/advisories/38964

Url: http://secunia.com/advisories/38964

Url: http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896

Url: http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994

Url: https://github.com/cometd/dojo-maven

Url: http://www.vupen.com/english/advisories/2010/1281

Url: http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849

Url: http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958

Url: http://secunia.com/advisories/40007

Url: http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856

Url: http://www-01.ibm.com/support/docview.wss?uid=swg21431472

Url: http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833

Url: http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932

Url: https://nvd.nist.gov/vuln/detail/CVE-2010-2274

Url: https://www.mend.io/vulnerability-database/CVE-2010-2274

Severity Score

3.7

Weakness Type (CWE)

URL Redirection to Untrusted Site ('Open Redirect')

CWE-601

Top Fix

Upgrade Version

Upgrade to version 1.0.3,1.1.2,1.2.4,1.3.3,1.4.2

Learn More

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2010-2274

Good to know:

Date: June 14, 2010

Language: JS

Severity Score

Related Resources (18)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?