{"api_version":"1","generated_at":"2026-04-23T05:57:51+00:00","cve":"CVE-2007-6726","urls":{"html":"https://cve.report/CVE-2007-6726","api":"https://cve.report/api/cve/CVE-2007-6726.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2007-6726","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2007-6726"},"summary":{"title":"CVE-2007-6726","description":"Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.","state":"PUBLISHED","assigner":"mitre","published_at":"2009-04-09 15:08:35","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-79","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.3","severity":"","vector":"AV:N/AC:M/Au:N/C:N/I:P/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"https://issues.apache.org/struts/browse/WW-2134","name":"https://issues.apache.org/struts/browse/WW-2134","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"[#WW-2134] Upgrade Dojo from 0.4.2 to 0.4.3 to address possible XSS Issues - Apache Struts JIRA","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://www.dojotoolkit.org/0-4-3-and-updated-0-4-1-0-4-2-builds","name":"http://www.dojotoolkit.org/0-4-3-and-updated-0-4-1-0-4-2-builds","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"0.4.3 and Updated 0.4.1/0.4.2 Builds | The Dojo Toolkit","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/49884","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/49884","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/34660","name":"http://www.securityfocus.com/bid/34660","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Dojo Multiple Cross Site Scripting Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.dojotoolkit.org/2007/05/26/0-4-3-released-0-4-2-and-0-4-1-users-should-upgrade-immediately","name":"http://www.dojotoolkit.org/2007/05/26/0-4-3-released-0-4-2-and-0-4-1-users-should-upgrade-immediately","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"0.4.3 released: 0.4.2 and 0.4.1 users should upgrade immediately | The Dojo Toolkit","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://www.dojotoolkit.org/releaseNotes/0.4.3","name":"http://www.dojotoolkit.org/releaseNotes/0.4.3","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"0.4.3 Release Notes | The Dojo Toolkit","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2007-6726","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-6726","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2007","cve_id":"6726","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apache","cpe5":"struts","cpe6":"2.0.9","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"6726","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"dojotoolkit","cpe5":"dojo","cpe6":"0.4.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"6726","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"dojotoolkit","cpe5":"dojo","cpe6":"0.4.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2007-6726","qid":"995458","title":"Java (Maven) Security Update for org.apache.struts:struts2-dojo-plugin (GHSA-rm26-w253-9qv7)"}]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T16:18:20.528Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.dojotoolkit.org/releaseNotes/0.4.3"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.dojotoolkit.org/2007/05/26/0-4-3-released-0-4-2-and-0-4-1-users-should-upgrade-immediately"},{"name":"dojo-xipclient-xipserver-xss(49884)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/49884"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://issues.apache.org/struts/browse/WW-2134"},{"name":"34660","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/34660"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.dojotoolkit.org/0-4-3-and-updated-0-4-1-0-4-2-builds"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2007-05-15T00:00:00.000Z","descriptions":[{"lang":"en","value":"Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-08-16T14:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"http://www.dojotoolkit.org/releaseNotes/0.4.3"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.dojotoolkit.org/2007/05/26/0-4-3-released-0-4-2-and-0-4-1-users-should-upgrade-immediately"},{"name":"dojo-xipclient-xipserver-xss(49884)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/49884"},{"tags":["x_refsource_CONFIRM"],"url":"https://issues.apache.org/struts/browse/WW-2134"},{"name":"34660","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/34660"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.dojotoolkit.org/0-4-3-and-updated-0-4-1-0-4-2-builds"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2007-6726","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://www.dojotoolkit.org/releaseNotes/0.4.3","refsource":"CONFIRM","url":"http://www.dojotoolkit.org/releaseNotes/0.4.3"},{"name":"http://www.dojotoolkit.org/2007/05/26/0-4-3-released-0-4-2-and-0-4-1-users-should-upgrade-immediately","refsource":"CONFIRM","url":"http://www.dojotoolkit.org/2007/05/26/0-4-3-released-0-4-2-and-0-4-1-users-should-upgrade-immediately"},{"name":"dojo-xipclient-xipserver-xss(49884)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/49884"},{"name":"https://issues.apache.org/struts/browse/WW-2134","refsource":"CONFIRM","url":"https://issues.apache.org/struts/browse/WW-2134"},{"name":"34660","refsource":"BID","url":"http://www.securityfocus.com/bid/34660"},{"name":"http://www.dojotoolkit.org/0-4-3-and-updated-0-4-1-0-4-2-builds","refsource":"CONFIRM","url":"http://www.dojotoolkit.org/0-4-3-and-updated-0-4-1-0-4-2-builds"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2007-6726","datePublished":"2009-04-09T15:00:00.000Z","dateReserved":"2009-04-09T00:00:00.000Z","dateUpdated":"2024-08-07T16:18:20.528Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2009-04-09 15:08:35","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-79","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*","matchCriteriaId":"6E1BABB2-780E-47E0-87A9-A164906C8421"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dojotoolkit:dojo:0.4.1:*:*:*:*:*:*:*","matchCriteriaId":"528A98A5-751F-40F1-9AF7-0CB84D0E154A"},{"vulnerable":true,"criteria":"cpe:2.3:a:dojotoolkit:dojo:0.4.2:*:*:*:*:*:*:*","matchCriteriaId":"DA636E72-459D-44A8-8278-4E5091975D25"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2007","CveId":"6726","Ordinal":"1","Title":"CVE-2007-6726","CVE":"CVE-2007-6726","Year":"2007"},"notes":[{"CveYear":"2007","CveId":"6726","Ordinal":"1","NoteData":"Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.","Type":"Description","Title":"CVE-2007-6726"},{"CveYear":"2007","CveId":"6726","Ordinal":"2","NoteData":"2009-04-09","Type":"Other","Title":"Published"},{"CveYear":"2007","CveId":"6726","Ordinal":"3","NoteData":"2017-08-16","Type":"Other","Title":"Modified"}]}}}