130 matches found
DOJO Cross-Site Scripting Vulnerabilities
DOJO is a JavaScript toolkit open source by pwn.college. pwn.college’s DOJO has a cross-site scripting vulnerability; this vulnerability stems from the lack of sandbox isolation, which may lead to sandbox escape and arbitrary JavaScript execution...
EUVD-2010-4566
Malware in sbrugna...
EUVD-2018-0543
Malware in sbrugna...
EUVD-2014-8744
Malware in sbrugna...
EUVD-2020-1205
Malware in sbrugna...
EUVD-2022-5607
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2018-6561
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element. CVE-2018-6561 Note that Nessus relies on the presence of the package as...
Linux Distros Unpatched Vulnerability : CVE-2018-15494
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid. CVE-2018-15494 Note that Nessus relies on the presence of the package a...
CVE-2010-2275
Cross-site scripting XSS vulnerability in dijit/tests/testCommon.js in Dojo Toolkit SDK before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the theme parameter, as demonstrated by an attack against dijit/tests/form/testButton.html...
CVE-2010-4600
Dojo Toolkit, as used in the Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1, allows remote attackers to read cookies by navigating to a Dojo file, related to an "open direct" issue...
DOJO 访问控制错误漏洞
DOJO is an open source JavaScript toolkit from pwn.college. DOJO suffers from an Access Control Error vulnerability that stems from a lack of access control when rendering a customized DOJO page, resulting in a user being able to create a stored cross-site scripting XSS vulnerability...
Security Bulletin: Vulnerability in dojo-dojo-release-1.12.1 affects Cloud Pak System [CVE-2018-6561]
Summary Vulnerability in dojo-dojo-release-1.12.1 affects Cloud Pak System. Vulnerability Details CVEID:CVE-2018-6561 DESCRIPTION: Dojo Toolkit is vulnerable to cross-site scripting in dijit.Editor, caused by improper validation of user-supplied input. A remote attacker could exploit this...
GHSA-W5MJ-J45Q-M638 ZendFramework1 Potential Security Issues in Bundled Dojo Library
In mid-March, 2010, the Dojo Foundation issued a Security Advisory indicating potential security issues with specific files in Dojo Toolkit. Details of the advisory may be found on the Dojo website: http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/ In particular, several file...
Security Bulletin: IBM Security Verify Governance - Containerized Identity Manager has multiple vulnerabilities
Summary Multiple security vulnerabilities have been addressed in the latest update to IBM Security Verify Governance - Containerized Identity Manager. Vulnerability Details CVEID:CVE-2018-6561 DESCRIPTION: Dojo Toolkit is vulnerable to cross-site scripting in dijit.Editor, caused by improper...
Security Bulletin: Multiple vulnerabilities in Dojo toolkit shipped with IBM WebSphere eXtreme Scale Liberty Deployment and eXtremescale Client
Summary Dojo toolkit is used for UI in IBM WebSphere eXtreme Scale Liberty Deployment and eXtremescale Client. These vulnerabilities are reported in Dojo toolkit CVE-2019-10785, CVE-2018-6561, CVE-2020-4051, CVE-2018-15494, CVE-2020-5259. Vulnerability Details CVEID:CVE-2019-10785 DESCRIPTION:...
Security Bulletin: A security vulnerability have been identified in dojo library shipped with IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM) (CVE-2018-6561)
Summary A security vulnerability have been identified in dojo library shipped with IBM Security Guardium Key Lifecycle Manager SKLM/GKLM CVE-2018-6561 Vulnerability Details CVEID:CVE-2018-6561 DESCRIPTION: Dojo Toolkit is vulnerable to cross-site scripting in dijit.Editor, caused by improper...
The vulnerability of the LinkDialog plugin in the module library facilitates the development of JavaScript- or AJAX-based applications and Dojo Toolkit-powered websites. This vulnerability allows attackers to compromise data integrity.
The vulnerability of the LinkDialog plugin from the module library, which facilitates the development of JavaScript- or AJAX-based applications and Dojo Toolkit websites, is related to the lack of protective measures for website structures. Exploiting this vulnerability could allow an attacker to...
Security Bulletin: Multiple vulnerabilities in IBM WebSphere eXtreme Scale Liberty Deployment.
Summary Multiple vulnerabilities in Dojo toolkit and jQuery version shipped with IBM WebSphere eXtreme Scale Liberty Deployment Vulnerability Details CVEID:CVE-2012-6708 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the...
Security Bulletin: EBICs client of IBM Sterling B2B Integrator vulnerable to multiple issues due to Dojo Toolkit
Summary IBM Sterling B2B Integrator has addressed the security vulnerabilities in Dojo Toolkit. Vulnerability Details CVEID:CVE-2018-15494 DESCRIPTION: Dojo Toolkit is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the DataGrid component. A remote...
SUSE CVE-2015-5654
Cross-site scripting XSS vulnerability in Dojo Toolkit before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...