CVEs-PoC/2010/CVE-2010-2275.md

### [CVE-2010-2275](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2275)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

Cross-site scripting (XSS) vulnerability in dijit/tests/_testCommon.js in Dojo Toolkit SDK before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the theme parameter, as demonstrated by an attack against dijit/tests/form/test_Button.html.

### POC

#### Reference
- http://bugs.dojotoolkit.org/ticket/10773
- http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833
- http://www.gdssecurity.com/l/b/2010/03/12/multiple-dom-based-xss-in-dojo-toolkit-sdk/

#### Github
No PoCs found on GitHub currently.