{"id":"CVE-2010-2275","details":"Cross-site scripting (XSS) vulnerability in dijit/tests/_testCommon.js in Dojo Toolkit SDK before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the theme parameter, as demonstrated by an attack against dijit/tests/form/test_Button.html.","modified":"2026-04-10T03:41:17.714155Z","published":"2010-06-15T14:30:01Z","references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/38964"},{"type":"ADVISORY","url":"http://secunia.com/advisories/40007"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2010/1281"},{"type":"EVIDENCE","url":"http://bugs.dojotoolkit.org/ticket/10773"},{"type":"EVIDENCE","url":"http://www.gdssecurity.com/l/b/2010/03/12/multiple-dom-based-xss-in-dojo-toolkit-sdk/"},{"type":"WEB","url":"http://www-01.ibm.com/support/docview.wss?uid=swg21431472"},{"type":"WEB","url":"http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833"},{"type":"WEB","url":"http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849"},{"type":"WEB","url":"http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856"},{"type":"WEB","url":"http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896"},{"type":"WEB","url":"http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932"},{"type":"WEB","url":"http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958"},{"type":"WEB","url":"http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994"}],"schema_version":"1.7.5"}