Lucene search
+L

466 matches found

BDU FSTEC
BDU FSTEC
added 2023/03/28 12:0 a.m.8 views

The vulnerability of the LinkDialog plugin in the module library facilitates the development of JavaScript- or AJAX-based applications and Dojo Toolkit-powered websites. This vulnerability allows attackers to compromise data integrity.

The vulnerability of the LinkDialog plugin from the module library, which facilitates the development of JavaScript- or AJAX-based applications and Dojo Toolkit websites, is related to the lack of protective measures for website structures. Exploiting this vulnerability could allow an attacker to...

4.9CVSS6.7AI score0.01183EPSS
Exploits0References8Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/21 6:7 p.m.104 views

Security Bulletin: Multiple vulnerabilities in IBM WebSphere eXtreme Scale Liberty Deployment.

Summary Multiple vulnerabilities in Dojo toolkit and jQuery version shipped with IBM WebSphere eXtreme Scale Liberty Deployment Vulnerability Details CVEID:CVE-2012-6708 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the...

9.8CVSS6.7AI score0.99019EPSS
Exploits22Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/15 7:45 p.m.55 views

Security Bulletin: EBICs client of IBM Sterling B2B Integrator vulnerable to multiple issues due to Dojo Toolkit

Summary IBM Sterling B2B Integrator has addressed the security vulnerabilities in Dojo Toolkit. Vulnerability Details CVEID:CVE-2018-15494 DESCRIPTION: Dojo Toolkit is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the DataGrid component. A remote...

9.8CVSS8.9AI score0.30367EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/08 1:21 p.m.28 views

Security Bulletin: Financial Transaction Manager for Digital Payments, High Value Payments and Corporate Payment Services are impacted by multiple vulnerabilities.

Summary The vulnerabilities addressed include code injection, information disclosure and SQL injection. Vulnerability Details CVEID:CVE-2020-5259 DESCRIPTION: Dojo dojox could allow a remote attacker to inject arbitrary code on the system, caused by a prototype pollution flaw. By injecting other...

9.8CVSS7.3AI score0.0399EPSS
Exploits2Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/03/03 12:0 a.m.77 views

IBM WebSphere Application Server Liberty 17.0.0.3 < 22.0.0.3 Information Disclosure (6585704)

IBM WebSphere Application Server Liberty 17.0.0.3 less than 22.0.0.3, with the adminCenter-1.0 feature configured, is vulnerable to Prototype Pollution via the setObject function in Dojo. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported...

9.8CVSS6.9AI score0.30367EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2023/03/03 12:0 a.m.42 views

IBM WebSphere Application Server 7.x <= 7.0.0.45 / 8.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.22 / 9.x < 9.0.5.12 RCE

The IBM WebSphere Application Server installed on the remote host is affected by a remote code execution vulnerability due to the Dojo package, which is vulnerable to vulnerable to Prototype Pollution via the setObject function. Note that Nessus has not tested for this issue but has instead relie...

9.8CVSS7.7AI score0.30367EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2023/02/15 5:15 a.m.4 views

SUSE CVE-2015-5654

Cross-site scripting XSS vulnerability in Dojo Toolkit before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6AI score0.02224EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/14 9:4 p.m.20 views

Security Bulletin: IBM CICS TX Advanced is vulnerable to arbitrary code execution due to IBM WebSphere Application Server Liberty (CVE-2021-23450)

Summary WebSphere Application Server Liberty is used by IBM CICS TX Advanced to provide a web based administration console. The fix removes the arbitrary code execution vulnerability CVE-2021-23450 from Liberty. Vulnerability Details CVEID:CVE-2021-23450 DESCRIPTION: Dojo could allow a remote...

9.8CVSS9.1AI score0.30367EPSS
Exploits1Affected Software1
OSV
OSV
added 2023/02/07 12:6 a.m.8 views

MGASA-2023-0039 Updated dojo packages fix security vulnerability

Dijit Editor's LinkDialog plugin of dojo 1.14.0 to 1.14.7 is vulnerable to cross-site scripting XSS attacks. CVE-2020-4051 Prototype pollution vulnerability via the setObject function. CVE-2021-23450...

9.8CVSS7.1AI score0.30367EPSS
Exploits1References4
Mageia
Mageia
added 2023/02/07 12:6 a.m.151 views

Updated dojo packages fix security vulnerability

Dijit Editor's LinkDialog plugin of dojo 1.14.0 to 1.14.7 is vulnerable to cross-site scripting XSS attacks. CVE-2020-4051 Prototype pollution vulnerability via the setObject function. CVE-2021-23450...

9.8CVSS2.3AI score0.30367EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2023/01/30 12:0 a.m.22 views

Debian: Security Advisory (DLA-3289-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.8AI score0.30367EPSS
Exploits1References4
Debian
Debian
added 2023/01/29 10:38 a.m.56 views

[SECURITY] [DLA 3289-1] dojo security update

Debian LTS Advisory DLA-3289-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin January 28, 2023 https://wiki.debian.org/LTS Package : dojo Version : 1.14.2+dfsg1-1+deb10u3 CVE ID : CVE-2020-4051 CVE-2021-23450 Debian Bug : 970000 1014785 Two vulnerabilities were...

9.8CVSS6.6AI score0.30367EPSS
Exploits1
OSV
OSV
added 2023/01/28 12:0 a.m.35 views

DLA-3289-1 dojo - security update

Bulletin has no description...

9.8CVSS7.2AI score0.30367EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/12 9:59 p.m.27 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to arbitrary code execution with IBM WebSphere Application Server (CVE-2021-23450).

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to arbitrary code execution with IBM WebSphere Application Server CVE-2021-23450. This is used as part of the base image included in our service components. Please read the details for remediation below...

9.8CVSS9AI score0.30367EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/30 5:31 p.m.23 views

Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring installed WebSphere Application Server

Summary The following security issues have been identified in the WebSphere Application Server included as part of IBM Tivoli Monitoring ITM portal server. Vulnerability Details CVEID:CVE-2021-20454 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a XML Extern...

8.2CVSS8.8AI score0.19312EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/30 5:31 p.m.67 views

Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring included WebSphere Application Server and IBM HTTP Server used by WebSphere Application Server

Summary The following security issues have been identified in the WebSphere Application Server included as part of IBM Tivoli Monitoring ITM portal server. CVEs: CVE-2021-23450, CVE-2022-22719, CVE-2022-22720, CVE-2022-22721, CVE-2022-25315, CVE-2022-25313, CVE-2022-25235, CVE-2022-25236,...

9.8CVSS10AI score0.69803EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/30 3:9 p.m.31 views

Security Bulletin: Vulnerabilities in IBM WebSphere Application Server Liberty affects IBM Cloud Application Business Insights CVE-2021-23450

Summary Vulnerabilities in IBM WebSphere Application Server Liberty affects IBM Cloud Application Business Insights CVE-2021-23450 Vulnerability Details CVEID:CVE-2021-23450 DESCRIPTION: Dojo could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution in...

9.8CVSS9.1AI score0.30367EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/07 11:12 a.m.31 views

Security Bulletin: Potential vulnerability in Dojo affect IBM Operations Analytics - Log Analysis (CVE-2018-15494)

Summary Vulnerability in dojo allow remote attacker to access any cookies, session tokens, or other sensitive information through cross-site scripting Vulnerability Details CVEID:CVE-2018-15494 DESCRIPTION: Dojo Toolkit is vulnerable to cross-site scripting, caused by improper validation of...

9.8CVSS7.6AI score0.02611EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/25 1:11 p.m.87 views

Security Bulletin: Netcool Operations Insight v1.6.6 contains fixes for multiple security vulnerabilities.

Summary Netcool Operations Insight v1.6.6 contains fixes for multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2021-23450 DESCRIPTION: Dojo could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution in the...

9.8CVSS10AI score0.96121EPSS
Exploits46Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/18 6:45 a.m.24 views

Security Bulletin: Enterprise Content Management System Monitor is affected by vulnerability in Dojo [CVE-2021-23450]

Summary Vulnerability found in Dojo used by Enterprise Content Management System Monitor. Enterprise Content Management System Monitor has addressed the applicable CVE CVE-2021-23450. Vulnerability Details CVEID:CVE-2021-23450 DESCRIPTION: Dojo could allow a remote attacker to execute arbitrary...

9.8CVSS9AI score0.30367EPSS
Exploits1Affected Software1
Rows per page
Query Builder