CVE-2011-1714

Cross-site scripting (XSS) vulnerability in framework/source/resource/qx/test/jsonp_primitive.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote attackers to inject arbitrary web script or HTML via the callback parameter.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
VendorProductVersion
qooxdooqooxdoo
1.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://blog.eyeos.org/en/2011/04/07/about-some-eyeos-security-issues/
http://osvdb.org/71718
http://osvdb.org/71720
http://secunia.com/advisories/43818
http://secunia.com/advisories/43997
http://www.autosectools.com/Advisories/eyeOS.2.3_Reflected.Cross-site.Scripting_172.html
http://www.exploit-db.com/exploits/17127
http://www.securityfocus.com/bid/47184
https://exchange.xforce.ibmcloud.com/vulnerabilities/66574
http://blog.eyeos.org/en/2011/04/07/about-some-eyeos-security-issues/
http://osvdb.org/71718
http://osvdb.org/71720
http://secunia.com/advisories/43818
http://secunia.com/advisories/43997
http://www.autosectools.com/Advisories/eyeOS.2.3_Reflected.Cross-site.Scripting_172.html
http://www.exploit-db.com/exploits/17127
http://www.securityfocus.com/bid/47184
https://exchange.xforce.ibmcloud.com/vulnerabilities/66574