FreeBSD : dojo -- XSS and other vulnerabilities (805603a1-3e7a-11df-a5a1-0050568452ac)

This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The Dojo Toolkit team reports :

Some PHP files did not properly escape input.

Some files could operate like 'open redirects'. A bad actor could form
a URL that looks like it came from a trusted site, but the user would
be redirected or load content from the bad actor's site.

A file exposed a more serious cross-site scripting vulnerability with
the possibility of executing code on the domain where the file exists.

The Dojo build process defaulted to copying over tests and demos,
which are normally not needed and just increased the number of files
that could be targets of attacks.

See also :

http://www.nessus.org/u?9e6d2114
http://osdir.com/ml/bugtraq.security/2010-03/msg00133.html
http://packetstormsecurity.org/1003-exploits/dojo-xss.txt
http://www.nessus.org/u?670dde7c
http://www.nessus.org/u?6a678d8d

Solution :

Update the affected package.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 45446 (freebsd_pkg_805603a13e7a11dfa5a10050568452ac.nasl)

Bugtraq ID:

CVE ID:
