Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

67 matches found

EUVD
EUVDadded 2025/10/07 12:30 a.m.3 views

EUVD-2020-0309

Malware in sbrugna...

6.1CVSS7.6AI score0.01807EPSS
Exploits1References10
EUVD
EUVDadded 2025/10/07 12:30 a.m.2 views

EUVD-2020-0326

Malware in sbrugna...

8.6CVSS6.8AI score0.01976EPSS
Exploits1References6
Tenable Nessus
Tenable Nessusadded 2025/08/30 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2020-5259

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In affected versions of dojox NPM package, the jqMix method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties...

8.6CVSS6.8AI score0.01976EPSS
Exploits1References2
Tenable Nessus
Tenable Nessusadded 2025/08/24 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2018-15494

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid. CVE-2018-15494 Note that Nessus relies on the presence of the package a...

9.8CVSS8.1AI score0.02611EPSS
Exploits2References2
Tenable Nessus
Tenable Nessusadded 2025/08/20 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2019-10785

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dojox is vulnerable to Cross-site Scripting in all versions before version 1.16.1, 1.15.2, 1.14.5, 1.13.6, 1.12.7 and 1.11.9. This is due to...

6.1CVSS7.3AI score0.01807EPSS
Exploits1References2
OSSF Malicious Packages
OSSF Malicious Packagesadded 2025/06/18 4:2 p.m.5 views

Malicious code in dojox.layout.expandopane (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c4d8c95926f5af3cacdfd043cd5ec597124451062eac060c9d24c418bf4d7fab Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/02/05 3:41 p.m.6 views

CVE-2020-5259

In affected versions of dojox NPM package, the jqMix method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to overwrite, or...

8.6CVSS6.4AI score0.01976EPSS
Exploits1
OSSF Malicious Packages
OSSF Malicious Packagesadded 2024/06/25 12:19 p.m.3 views

Malicious code in @elastic-internal/dojox (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSV
OSVadded 2024/06/25 12:19 p.m.5 views

MAL-2024-2112 Malicious code in @elastic-internal/dojox (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletinsadded 2023/07/17 1:0 p.m.42 views

Security Bulletin: Mulitple vulnerabilities in Dojo dojox repo may affect IBM Storage Scale

Summary Mulitple vulnerabilities in Dojo dojox repo may affect IBM Storage Scale GUI. Vulnerability Details CVEID:CVE-2020-5259 DESCRIPTION: Dojo dojox could allow a remote attacker to inject arbitrary code on the system, caused by a prototype pollution flaw. By injecting other values, an attacke...

8.6CVSS7.7AI score0.01976EPSS
Exploits2Affected Software1
vulnersOsv
vulnersOsvadded 2022/05/14 3:44 a.m.4 views

@hpcc-js/dgrid-shim (>=0.0.29 <=0.1.12), bryaktestgrid (>=0.0.1 <=0.0.6) +3 more potentially affected by CVE-2018-6561 via dijit (>=1.10.3 <=1.13.0)

dijit NPM version =1.10.3, =0.0.29, =0.0.1, =0.1.0, =1.10.3, =0.0.1, =0.5.24 Source cves: CVE-2018-6561 Source advisory: OSV:GHSA-WP32-WQ34-2RQH...

6.1CVSS6.6AI score0.0115EPSS
Exploits1
BDU FSTEC
BDU FSTECadded 2021/03/15 12:0 a.m.4 views

The vulnerability of the jqMix method implementation in the dojox library (NPM package) allows an attacker to compromise data integrity.

The vulnerability of the jqMix method implementation in the dojox library NPM package is related to incorrect elimination of special elements in the output data. Exploiting this vulnerability can allow an attacker to compromise the integrity of the data...

5.3CVSS6.6AI score0.01976EPSS
Exploits1References6Affected Software3
BDU FSTEC
BDU FSTECadded 2021/03/15 12:0 a.m.4 views

The vulnerability of the `dojox.xmpp.util.xmlEncode` component in the dojox JavaScript library allows a attacker to compromise data integrity.

The vulnerability of the dojox.xmpp.util.xmlEncode component in the dojox JavaScript library is related to deficiencies in the security measures used to protect web page structures. Exploiting this vulnerability could allow an attacker to compromise the integrity of data...

5.3CVSS7AI score0.01807EPSS
Exploits1References7Affected Software2
vulnersOsv
vulnersOsvadded 2020/06/15 9:53 p.m.4 views

dojox (>=1.10.3 <=1.11.10) potentially affected by CVE-2020-4051 via dijit (>=1.10.3 <=1.11.10)

dijit NPM version =1.10.3, =1.10.3, =1.11.10 Source cves: CVE-2020-4051 Source advisory: OSV:GHSA-CXJC-R2FP-7MQ6...

5.4CVSS6.7AI score0.01183EPSS
Exploits0
Mageia
Mageiaadded 2020/05/27 9:52 a.m.36 views

Updated dojo packages fix security vulnerability

Updated dojo package fixes security vulnerabilities: In affected versions of dojo, the deepCopy method is vulnerable to prototype Pollution. An attacker could manipulate these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other valu...

8.6CVSS2.1AI score0.04023EPSS
Exploits2References2
RedhatCVE
RedhatCVEadded 2020/05/04 2:9 p.m.29 views

CVE-2019-10785

A flaw was found in dojox. Cross-site scripting is possible as only the first occurrence of each character is encoded. The highest threat from this vulnerability is to data confidentiality and integrity...

6.1CVSS2.5AI score0.01807EPSS
Exploits1References4
Veracode
Veracodeadded 2020/03/11 3:56 a.m.27 views

Prototype Pollution

dojox is vulnerable to prototype pollution. A attacker is able to inject arbitrary Javascript construct prototype to overwrite or pollute base Objects, potentially resulting in arbitrary code execution...

8.6CVSS3.6AI score0.01976EPSS
Exploits1References3Affected Software1
NVD
NVDadded 2020/03/10 6:15 p.m.20 views

CVE-2020-5259

In affected versions of dojox NPM package, the jqMix method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to overwrite, or...

8.6CVSS7.9AI score0.01976EPSS
Exploits1References3
OSV
OSVadded 2020/03/10 6:15 p.m.24 views

CVE-2020-5259

In affected versions of dojox NPM package, the jqMix method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to overwrite, or...

8.6CVSS8.4AI score
Exploits0References3
OSV
OSVadded 2020/03/10 6:15 p.m.1 views

DEBIAN-CVE-2020-5259

In affected versions of dojox NPM package, the jqMix method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to overwrite, or...

8.6CVSS6.4AI score0.01976EPSS
Exploits1References1
Rows per page
Query Builder