Moderate severityNVD Advisory· Published Apr 9, 2009· Updated Apr 23, 2026

CVE-2007-6726

Description

Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
org.apache.struts:struts2-dojo-pluginMaven	>= 0.4.1, < 0.4.3	0.4.3

Affected products

Apache/Struts
cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*
Dojotoolkit/Dojo2 versions
cpe:2.3:a:dojotoolkit:dojo:0.4.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:dojotoolkit:dojo:0.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:dojotoolkit:dojo:0.4.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.dojotoolkit.org/0-4-3-and-updated-0-4-1-0-4-2-buildsnvdPatchVendor AdvisoryWEB
www.dojotoolkit.org/2007/05/26/0-4-3-released-0-4-2-and-0-4-1-users-should-upgrade-immediatelynvdPatchVendor AdvisoryWEB
www.dojotoolkit.org/releaseNotes/0.4.3nvdPatchVendor AdvisoryWEB
github.com/advisories/GHSA-rm26-w253-9qv7ghsaADVISORY
issues.apache.org/struts/browse/WW-2134nvdVendor AdvisoryWEB
nvd.nist.gov/vuln/detail/CVE-2007-6726ghsaADVISORY
www.securityfocus.com/bid/34660nvdWEB
exchange.xforce.ibmcloud.com/vulnerabilities/49884nvdWEB
github.com/apache/struts-archive/blob/master/plugins/struts2-dojo-pluginghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000