21 matches found
Linux Distros Unpatched Vulnerability : CVE-2018-15494
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid. CVE-2018-15494 Note that Nessus relies on the presence of the package a...
Security Bulletin: Potential vulnerability in Dojo affect IBM Operations Analytics - Log Analysis (CVE-2018-15494)
Summary Vulnerability in dojo allow remote attacker to access any cookies, session tokens, or other sensitive information through cross-site scripting Vulnerability Details CVEID:CVE-2018-15494 DESCRIPTION: Dojo Toolkit is vulnerable to cross-site scripting, caused by improper validation of...
Security Bulletin: A Security vulnerability found in Dojo Toolkit which is shipped with IBM Security Identity Management product (CVE-2018-15494)
Summary A cross-site scripting issues exists in Dojo Toolkit, which is an open source package used by the IBM Security Identity Manegement product. IBM Security Identity Manegement has updated the packages as required. Vulnerability Details CVEID:CVE-2018-15494 DESCRIPTION: Dojo Toolkit is...
Security Bulletin:Due to use of Dojo Toolkit before 1.14 in IBM Tivoli Network Manager is vulnerable to unescaped string injection in dojox/Grid/DataGrid(CVE-2018-15494)
Summary In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid. dojox/grid/Builder.js and dojox/grid/cells/base.js, providing the class dojox/Grid/DataGrid, are affected by CVE-2018-15494, an unescaped string injection vulnerability. Vulnerability Details CVEID:...
Security Bulletin: Vulnerability in Dojo may affect IBM Cúram Social Program Management (CVE-2018-15494)
Summary IBM Cúram Social Program Management uses the Dojo libraries, for which there is a publicly known vulnerability. Dojo Toolkit is vulnerable to cross-site scripting attack, caused by improper validation of user-supplied input by the DataGrid component. Vulnerability Details CVEID:...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Dojo Toolkit (CVE-2018-15494)
Summary A vulnerability in Dojo Toolkit that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID: CVE-2018-15494 DESCRIPTION: Dojo Toolkit is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the DataGrid component. A...
Security Bulletin: A security vulnerability has been fixed in IBM Security Identity Manager Virtual Appliance (CVE-2018-15494)
Summary IBM Security Identity Manager Virtual Appliance ISIM VA has addressed the following vulnerability due to remote attcker's ability to exploit this vulnerability. Vulnerability Details CVEID: CVE-2018-15494 DESCRIPTION: Dojo Toolkit is vulnerable to cross-site scripting, caused by improper...
Security Bulletin: Multiple Security vulnerabilities have been fixed in the IBM Security Verify Access Docker container
Summary Multiple vulnerabilities have been fixed in the IBM Security Verify Access Docker container. Vulnerability Details CVEID: CVE-2021-20523 DESCRIPTION: IBM Security Access Manager Docker could allow a remote attacker to obtain sensitive information when a detailed technical error message is...
Security Bulletin: Vulnerability in Dojo Toolkit affecting Watson Knowledge Catalog for IBM Cloud Pak for Data
Summary Unescaped string injection in dojox/Grid/DataGrid is affecting some of the Watson Knowledge Catalog for IBM Cloud Pak for Data web UIs. Vulnerability Details CVEID: CVE-2018-15494 DESCRIPTION: Dojo Toolkit is vulnerable to cross-site scripting, caused by improper validation of user-suppli...
Security Bulletin: Financial Transaction Manager for Corporate Payment Services is affected by a potential cross-site scripting (XSS) vulnerability (CVE-2018-15494)
Summary IBM Financial Transaction Manager for Corporate Payment Services FTM CPS for Multi-Platform has addressed the following vulnerability. A potential cross-site scripting vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality...
Security Bulletin: Financial Transaction Manager for Check Services is affected by a potential cross-site scripting (XSS) vulnerability (CVE-2018-15494)
Summary IBM Financial Transaction Manager for Check Services FTM CHK for Multi-Platform has addressed the following vulnerability. A potential cross-site scripting vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially...
Security Bulletin: Financial Transaction Manager for Digital Payments is affected by a potential cross-site scripting (XSS) vulnerability (CVE-2018-15494)
Summary Financial Transaction Manager for Digital Payments FTM DP for Multi-Platform has addressed the following vulnerability. A potential cross-site scripting vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading...
Security Bulletin: IBM Cognos TM1 is affected by multiple vulnerabilities (CVE-2018-15494, CVE-2019-4245)
Summary Dojo Toolkit, used by IBM Cognos TM1, is vulnerable to cross-site scripting XSS . This issue has been addressed. A vulnerability exists where TM1 Server could allow a local user with specialized access to exploit an unquoted Windows search path vulnerability which could allow local users ...
@hpcc-js/dgrid-shim (>=0.1.10 <=0.1.12), bryaktestgrid (>=0.0.1 <=0.0.6) +2 more potentially affected by CVE-2018-15494 via dojox (>=1.11.2 <=1.13.0)
dojox NPM version =1.11.2, =0.1.10, =0.0.1, =0.1.0, =0.0.1, =0.5.24 Source cves: CVE-2018-15494 Source advisory: OSV:GHSA-84CM-X2Q5-8225...
[SECURITY] [DLA 1492-1] dojo security update
Package : dojo Version : 1.10.2+dfsg-1+deb8u1 CVE ID : CVE-2018-15494 Debian Bug : 906540 It was discovered that there was a string injection vulnerability in the "dojo" Javascript library. For Debian 8 "Jessie", this issue has been fixed in dojo version 1.10.2+dfsg-1+deb8u1 by Abhijith PA. We...
Dojo Toolkit 1.13 Cross Site Scripting
Advisory ID: SYSS-2018-010 Product: Dojo Toolkit Manufacturer: JS Foundation Affected Versions: 1.13 Tested Versions: 1.13, 1.10.7 Vulnerability Type: Cross-Site Scripting CWE-79 Risk Level: Medium Solution Status: Fixed Manufacturer Notification: 2018-07-02 Solution Date: 2018-10-13 Public...
CVE-2018-15494
In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid...
CVE-2018-15494
In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid...
UBUNTU-CVE-2018-15494
In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid...
CVE-2018-15494
In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid...