Detections
Analytics

FreeBSD : dojo -- XSS and other vulnerabilities (805603a1-3e7a-11df-a5a1-0050568452ac)

high Nessus Plugin ID 45446

Language:

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

The Dojo Toolkit team reports :

Some PHP files did not properly escape input.

Some files could operate like 'open redirects'. A bad actor could form an URL that looks like it came from a trusted site, but the user would be redirected or load content from the bad actor's site.

A file exposed a more serious cross-site scripting vulnerability with the possibility of executing code on the domain where the file exists.

The Dojo build process defaulted to copying over tests and demos, which are normally not needed and just increased the number of files that could be targets of attacks.

Solution

Update the affected package.

See Also

http://www.nessus.org/u?9e6d2114

http://osdir.com/ml/bugtraq.security/2010-03/msg00133.html

https://packetstormsecurity.com/1003-exploits/dojo-xss.txt

http://www.nessus.org/u?baf20fd9

http://www.nessus.org/u?36615ac6

Plugin Details

Severity: High

ID: 45446

File Name: freebsd_pkg_805603a13e7a11dfa5a10050568452ac.nasl

Version: 1.13

Type: local

Published: 4/9/2010

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:dojo, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 4/6/2010

Vulnerability Publication Date: 3/11/2010

Reference Information

Secunia: 38964