Vulnerability details: VCID-mzd4-yrq8-3bhj
Vulnerability ID VCID-mzd4-yrq8-3bhj
Aliases CVE-2010-2273
GHSA-536q-8gxx-m782
Summary Multiple cross-site scripting (XSS) vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, and util/buildscripts/jslib/buildUtil.js, as demonstrated by the (1) dojoUrl and (2) testUrl parameters to util/doh/runner.html.
Status Published
Exploitability 2.0
Weighted Severity 6.2
Risk 10.0
Weaknesses (3)
System Score Found at
generic_textual MODERATE http://bugs.dojotoolkit.org/ticket/10773
generic_textual MODERATE http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory
epss 0.43247 https://api.first.org/data/v1/epss?cve=CVE-2010-2273
generic_textual MODERATE https://bugs.dojotoolkit.org/ticket/10773
generic_textual MODERATE http://secunia.com/advisories/38964
generic_textual MODERATE http://secunia.com/advisories/40007
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-536q-8gxx-m782
generic_textual MODERATE https://github.com/dojo/dojo/commit/9117ffd5a3863e44c92fcd58564c0da22be858f4
generic_textual MODERATE https://github.com/dojo/dojo/pull/307
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2010-2273
generic_textual MODERATE https://www.npmjs.com/advisories/972
generic_textual MODERATE http://www-01.ibm.com/support/docview.wss?uid=swg21431472
generic_textual MODERATE http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833
generic_textual MODERATE http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849
generic_textual MODERATE http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856
generic_textual MODERATE http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896
generic_textual MODERATE http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932
generic_textual MODERATE http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958
generic_textual MODERATE http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994
generic_textual MODERATE http://www.gdssecurity.com/l/b/2010/03/12/multiple-dom-based-xss-in-dojo-toolkit-sdk
generic_textual MODERATE http://www.vupen.com/english/advisories/2010/1281
Reference id Reference type URL
http://bugs.dojotoolkit.org/ticket/10773
http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory
http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/
https://api.first.org/data/v1/epss?cve=CVE-2010-2273
https://bugs.dojotoolkit.org/ticket/10773
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2273
http://secunia.com/advisories/38964
http://secunia.com/advisories/40007
https://github.com/dojo/dojo/commit/9117ffd5a3863e44c92fcd58564c0da22be858f4
https://github.com/dojo/dojo/pull/307
https://www.npmjs.com/advisories/972
http://www-01.ibm.com/support/docview.wss?uid=swg21431472
http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833
http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849
http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856
http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896
http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932
http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958
http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994
http://www.gdssecurity.com/l/b/2010/03/12/multiple-dom-based-xss-in-dojo-toolkit-sdk
http://www.gdssecurity.com/l/b/2010/03/12/multiple-dom-based-xss-in-dojo-toolkit-sdk/
http://www.vupen.com/english/advisories/2010/1281
CVE-2010-2273 https://nvd.nist.gov/vuln/detail/CVE-2010-2273
CVE-2010-2273;OSVDB-63074 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/33765.txt
GHSA-536q-8gxx-m782 https://github.com/advisories/GHSA-536q-8gxx-m782
Data source Exploit-DB
Date added March 15, 2010
Description Dojo Toolkit 1.4.1 - '/doh/runner.html' Multiple Cross-Site Scripting Vulnerabilities
Ransomware campaign use Known
Source publication date March 15, 2010
Exploit type webapps
Platform multiple
Source update date June 15, 2014
Source URL https://www.securityfocus.com/bid/38739/info
Exploit Prediction Scoring System (EPSS)
Percentile 0.97588
EPSS Score 0.43247
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T20:24:25.974277+00:00 Debian Oval Importer Import https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0