CVE-2018-1000665
Description
Dojo Dojo Objective Harness (DOH) version prior to version 1.14 contains a Cross Site Scripting (XSS) vulnerability in unit.html and testsDOH/_base/loader/i18n-exhaustive/i18n-test/unit.html and testsDOH/_base/i18nExhaustive.js in the DOH that can result in Victim attacked through their browser - deliver malware, steal HTTP cookies, bypass CORS trust. This attack appear to be exploitable via Victims are typically lured to a web site under the attackers control; the XSS vulnerability on the target domain is silently exploited without the victims knowledge. This vulnerability appears to have been fixed in 1.14.
Risk Information
Base Score
6.1
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.277
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2018-1000665 are fixed in Dojotoolkit - dojo 1.14 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.1.2.1 | Windows |
| Vulnerabilities CVE-2018-1000665 are fixed in Dojotoolkit - dojo for Linux 1.14 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234