CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element. CVE-2018-6561 Note that Nessus relies on the presence of the package as...

6.1CVSS6.7AI score0.00199EPSS

Exploits1References2

Tenable Nessus•added 2025/08/24 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2018-15494

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid. CVE-2018-15494 Note that Nessus relies on the presence of the package a...

9.8CVSS8.1AI score0.00704EPSS

Exploits2References2

RedhatCVE•added 2025/05/22 12:33 p.m.•5 views

CVE-2010-2275

Cross-site scripting XSS vulnerability in dijit/tests/testCommon.js in Dojo Toolkit SDK before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the theme parameter, as demonstrated by an attack against dijit/tests/form/testButton.html...

4.3CVSS5.8AI score0.17821EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 12:29 p.m.•3 views

CVE-2010-4600

Dojo Toolkit, as used in the Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1, allows remote attackers to read cookies by navigating to a Dojo file, related to an "open direct" issue...

5CVSS6.7AI score0.00234EPSS

Exploits0References1

CNNVD•added 2025/01/30 12:0 a.m.•1 views

DOJO 访问控制错误漏洞

DOJO is an open source JavaScript toolkit from pwn.college. DOJO suffers from an Access Control Error vulnerability that stems from a lack of access control when rendering a customized DOJO page, resulting in a user being able to create a stored cross-site scripting XSS vulnerability...

7.6CVSS5.6AI score0.00147EPSS

Exploits0References1

IBM Security Bulletins•added 2024/08/01 1:2 p.m.•24 views

Security Bulletin: Vulnerability in dojo-dojo-release-1.12.1 affects Cloud Pak System [CVE-2018-6561]

Summary Vulnerability in dojo-dojo-release-1.12.1 affects Cloud Pak System. Vulnerability Details CVEID:CVE-2018-6561 DESCRIPTION: Dojo Toolkit is vulnerable to cross-site scripting in dijit.Editor, caused by improper validation of user-supplied input. A remote attacker could exploit this...

6.1CVSS6AI score0.00199EPSS

Exploits1Affected Software1

OSV•added 2024/06/07 9:49 p.m.•9 views

GHSA-W5MJ-J45Q-M638 ZendFramework1 Potential Security Issues in Bundled Dojo Library

In mid-March, 2010, the Dojo Foundation issued a Security Advisory indicating potential security issues with specific files in Dojo Toolkit. Details of the advisory may be found on the Dojo website: http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/ In particular, several file...

7.3AI score

Exploits0References4

IBM Security Bulletins•added 2024/04/25 5:15 a.m.•55 views

Security Bulletin: IBM Security Verify Governance - Containerized Identity Manager has multiple vulnerabilities

Summary Multiple security vulnerabilities have been addressed in the latest update to IBM Security Verify Governance - Containerized Identity Manager. Vulnerability Details CVEID:CVE-2018-6561 DESCRIPTION: Dojo Toolkit is vulnerable to cross-site scripting in dijit.Editor, caused by improper...

9.8CVSS9.7AI score0.9439EPSS

Exploits22Affected Software1

IBM Security Bulletins•added 2024/04/19 11:29 a.m.•45 views

Security Bulletin: Multiple vulnerabilities in Dojo toolkit shipped with IBM WebSphere eXtreme Scale Liberty Deployment and eXtremescale Client

Summary Dojo toolkit is used for UI in IBM WebSphere eXtreme Scale Liberty Deployment and eXtremescale Client. These vulnerabilities are reported in Dojo toolkit CVE-2019-10785, CVE-2018-6561, CVE-2020-4051, CVE-2018-15494, CVE-2020-5259. Vulnerability Details CVEID:CVE-2019-10785 DESCRIPTION:...

9.8CVSS7.3AI score0.00704EPSS

Exploits5Affected Software1

IBM Security Bulletins•added 2023/09/01 1:10 p.m.•34 views

Security Bulletin: A security vulnerability have been identified in dojo library shipped with IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM) (CVE-2018-6561)

Summary A security vulnerability have been identified in dojo library shipped with IBM Security Guardium Key Lifecycle Manager SKLM/GKLM CVE-2018-6561 Vulnerability Details CVEID:CVE-2018-6561 DESCRIPTION: Dojo Toolkit is vulnerable to cross-site scripting in dijit.Editor, caused by improper...

6.1CVSS6.3AI score0.00199EPSS

Exploits1Affected Software2

IBM Security Bulletins•added 2023/03/21 6:7 p.m.•100 views

Security Bulletin: Multiple vulnerabilities in IBM WebSphere eXtreme Scale Liberty Deployment.

Summary Multiple vulnerabilities in Dojo toolkit and jQuery version shipped with IBM WebSphere eXtreme Scale Liberty Deployment Vulnerability Details CVEID:CVE-2012-6708 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the...

9.8CVSS6.7AI score0.34098EPSS

Exploits22Affected Software1

IBM Security Bulletins•added 2023/03/15 7:45 p.m.•52 views

Security Bulletin: EBICs client of IBM Sterling B2B Integrator vulnerable to multiple issues due to Dojo Toolkit

Summary IBM Sterling B2B Integrator has addressed the security vulnerabilities in Dojo Toolkit. Vulnerability Details CVEID:CVE-2018-15494 DESCRIPTION: Dojo Toolkit is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the DataGrid component. A remote...

9.8CVSS8.9AI score0.01995EPSS

Exploits5Affected Software1

IBM Security Bulletins•added 2022/11/07 11:12 a.m.•30 views

Security Bulletin: Potential vulnerability in Dojo affect IBM Operations Analytics - Log Analysis (CVE-2018-15494)

Summary Vulnerability in dojo allow remote attacker to access any cookies, session tokens, or other sensitive information through cross-site scripting Vulnerability Details CVEID:CVE-2018-15494 DESCRIPTION: Dojo Toolkit is vulnerable to cross-site scripting, caused by improper validation of...

9.8CVSS7.6AI score0.00704EPSS

Exploits2Affected Software1

IBM Security Bulletins•added 2022/10/11 6:54 p.m.•29 views

Security Bulletin: A Security vulnerability found in Dojo Toolkit which is shipped with IBM Security Identity Management product (CVE-2018-15494)

Summary A cross-site scripting issues exists in Dojo Toolkit, which is an open source package used by the IBM Security Identity Manegement product. IBM Security Identity Manegement has updated the packages as required. Vulnerability Details CVEID:CVE-2018-15494 DESCRIPTION: Dojo Toolkit is...

9.8CVSS7.3AI score0.00704EPSS

Exploits2Affected Software1

IBM Security Bulletins•added 2022/09/14 3:28 p.m.•37 views

Security Bulletin: Security vulnerabilities in Dojo and jQuery might affect IBM Business Automation Workflow and IBM Business Process Manager (BPM)

Summary Security vulnerabilities have been reported for Dojo and jQuery version shipped with IBM Business Automation Workflow and IBM BPM. Vulnerability Details CVEID:CVE-2018-15494 DESCRIPTION: Dojo Toolkit is vulnerable to cross-site scripting, caused by improper validation of user-supplied inp...

7.1AI score0.06323EPSS

Exploits12Affected Software5

IBM Security Bulletins•added 2022/07/04 12:52 p.m.•81 views

Security Bulletin:Due to use of Dojo Toolkit before 1.14 in IBM Tivoli Network Manager is vulnerable to unescaped string injection in dojox/Grid/DataGrid(CVE-2018-15494)

Summary In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid. dojox/grid/Builder.js and dojox/grid/cells/base.js, providing the class dojox/Grid/DataGrid, are affected by CVE-2018-15494, an unescaped string injection vulnerability. Vulnerability Details CVEID:...

9.8CVSS0.6AI score0.00704EPSS

Exploits2Affected Software1