Lucene search
K

21 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/24 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2018-15494

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid. CVE-2018-15494 Note that Nessus relies on the presence of the package a...

9.8CVSS8.1AI score0.02611EPSS
Exploits2References2
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/07 11:12 a.m.30 views

Security Bulletin: Potential vulnerability in Dojo affect IBM Operations Analytics - Log Analysis (CVE-2018-15494)

Summary Vulnerability in dojo allow remote attacker to access any cookies, session tokens, or other sensitive information through cross-site scripting Vulnerability Details CVEID:CVE-2018-15494 DESCRIPTION: Dojo Toolkit is vulnerable to cross-site scripting, caused by improper validation of...

9.8CVSS7.6AI score0.02611EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/11 6:54 p.m.30 views

Security Bulletin: A Security vulnerability found in Dojo Toolkit which is shipped with IBM Security Identity Management product (CVE-2018-15494)

Summary A cross-site scripting issues exists in Dojo Toolkit, which is an open source package used by the IBM Security Identity Manegement product. IBM Security Identity Manegement has updated the packages as required. Vulnerability Details CVEID:CVE-2018-15494 DESCRIPTION: Dojo Toolkit is...

9.8CVSS7.3AI score0.02611EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/04 12:52 p.m.83 views

Security Bulletin:Due to use of Dojo Toolkit before 1.14 in IBM Tivoli Network Manager is vulnerable to unescaped string injection in dojox/Grid/DataGrid(CVE-2018-15494)

Summary In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid. dojox/grid/Builder.js and dojox/grid/cells/base.js, providing the class dojox/Grid/DataGrid, are affected by CVE-2018-15494, an unescaped string injection vulnerability. Vulnerability Details CVEID:...

9.8CVSS0.6AI score0.02611EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/11/25 5:6 p.m.37 views

Security Bulletin: Vulnerability in Dojo may affect IBM Cúram Social Program Management (CVE-2018-15494)

Summary IBM Cúram Social Program Management uses the Dojo libraries, for which there is a publicly known vulnerability. Dojo Toolkit is vulnerable to cross-site scripting attack, caused by improper validation of user-supplied input by the DataGrid component. Vulnerability Details CVEID:...

9.8CVSS0.8AI score0.02611EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/29 9:22 p.m.33 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Dojo Toolkit (CVE-2018-15494)

Summary A vulnerability in Dojo Toolkit that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID: CVE-2018-15494 DESCRIPTION: Dojo Toolkit is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the DataGrid component. A...

9.8CVSS0.5AI score0.02611EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/07 9:47 p.m.28 views

Security Bulletin: A security vulnerability has been fixed in IBM Security Identity Manager Virtual Appliance (CVE-2018-15494)

Summary IBM Security Identity Manager Virtual Appliance ISIM VA has addressed the following vulnerability due to remote attcker's ability to exploit this vulnerability. Vulnerability Details CVEID: CVE-2018-15494 DESCRIPTION: Dojo Toolkit is vulnerable to cross-site scripting, caused by improper...

9.8CVSS2AI score0.02611EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/30 5:0 a.m.66 views

Security Bulletin: Multiple Security vulnerabilities have been fixed in the IBM Security Verify Access Docker container

Summary Multiple vulnerabilities have been fixed in the IBM Security Verify Access Docker container. Vulnerability Details CVEID: CVE-2021-20523 DESCRIPTION: IBM Security Access Manager Docker could allow a remote attacker to obtain sensitive information when a detailed technical error message is...

9.8CVSS0.7AI score0.04023EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/06/08 9:18 p.m.31 views

Security Bulletin: Vulnerability in Dojo Toolkit affecting Watson Knowledge Catalog for IBM Cloud Pak for Data

Summary Unescaped string injection in dojox/Grid/DataGrid is affecting some of the Watson Knowledge Catalog for IBM Cloud Pak for Data web UIs. Vulnerability Details CVEID: CVE-2018-15494 DESCRIPTION: Dojo Toolkit is vulnerable to cross-site scripting, caused by improper validation of user-suppli...

9.8CVSS0.2AI score0.02611EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/10/28 4:30 p.m.33 views

Security Bulletin: Financial Transaction Manager for Corporate Payment Services is affected by a potential cross-site scripting (XSS) vulnerability (CVE-2018-15494)

Summary IBM Financial Transaction Manager for Corporate Payment Services FTM CPS for Multi-Platform has addressed the following vulnerability. A potential cross-site scripting vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality...

9.8CVSS0.6AI score0.02611EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/10/28 4:29 p.m.30 views

Security Bulletin: Financial Transaction Manager for Check Services is affected by a potential cross-site scripting (XSS) vulnerability (CVE-2018-15494)

Summary IBM Financial Transaction Manager for Check Services FTM CHK for Multi-Platform has addressed the following vulnerability. A potential cross-site scripting vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially...

9.8CVSS0.5AI score0.02611EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/08/02 11:45 a.m.24 views

Security Bulletin: Financial Transaction Manager for Digital Payments is affected by a potential cross-site scripting (XSS) vulnerability (CVE-2018-15494)

Summary Financial Transaction Manager for Digital Payments FTM DP for Multi-Platform has addressed the following vulnerability. A potential cross-site scripting vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading...

9.8CVSS0.3AI score0.02611EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/06/29 2:10 a.m.19 views

Security Bulletin: IBM Cognos TM1 is affected by multiple vulnerabilities (CVE-2018-15494, CVE-2019-4245)

Summary Dojo Toolkit, used by IBM Cognos TM1, is vulnerable to cross-site scripting XSS . This issue has been addressed. A vulnerability exists where TM1 Server could allow a local user with specialized access to exploit an unquoted Windows search path vulnerability which could allow local users ...

9.8CVSS1AI score0.02611EPSS
Exploits2Affected Software1
vulnersOsv
vulnersOsv
added 2018/10/15 10:3 p.m.4 views

@hpcc-js/dgrid-shim (>=0.1.10 <=0.1.12), bryaktestgrid (>=0.0.1 <=0.0.6) +2 more potentially affected by CVE-2018-15494 via dojox (>=1.11.2 <=1.13.0)

dojox NPM version =1.11.2, =0.1.10, =0.0.1, =0.1.0, =0.0.1, =0.5.24 Source cves: CVE-2018-15494 Source advisory: OSV:GHSA-84CM-X2Q5-8225...

9.8CVSS7.2AI score0.02611EPSS
Exploits2
Debian
Debian
added 2018/09/03 8:6 a.m.29 views

[SECURITY] [DLA 1492-1] dojo security update

Package : dojo Version : 1.10.2+dfsg-1+deb8u1 CVE ID : CVE-2018-15494 Debian Bug : 906540 It was discovered that there was a string injection vulnerability in the "dojo" Javascript library. For Debian 8 "Jessie", this issue has been fixed in dojo version 1.10.2+dfsg-1+deb8u1 by Abhijith PA. We...

9.8CVSS8.1AI score0.02611EPSS
Exploits2
Packet Storm
Packet Storm
added 2018/08/27 12:0 a.m.825 views

Dojo Toolkit 1.13 Cross Site Scripting

Advisory ID: SYSS-2018-010 Product: Dojo Toolkit Manufacturer: JS Foundation Affected Versions: 1.13 Tested Versions: 1.13, 1.10.7 Vulnerability Type: Cross-Site Scripting CWE-79 Risk Level: Medium Solution Status: Fixed Manufacturer Notification: 2018-07-02 Solution Date: 2018-10-13 Public...

8AI score0.02611EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2018/08/23 5:54 a.m.47 views

CVE-2018-15494

In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid...

9.8CVSS1.9AI score0.02611EPSS
Exploits2References1
UbuntuCve
UbuntuCve
added 2018/08/18 2:29 a.m.40 views

CVE-2018-15494

In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid...

9.8CVSS7.2AI score0.02611EPSS
Exploits2References4
OSV
OSV
added 2018/08/18 2:29 a.m.2 views

UBUNTU-CVE-2018-15494

In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid...

9.8CVSS7.3AI score0.02611EPSS
Exploits2References5
Debian CVE
Debian CVE
added 2018/08/18 2:0 a.m.28 views

CVE-2018-15494

In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid...

9.8CVSS9.7AI score0.02611EPSS
Exploits2
Rows per page
Query Builder