Lucene search

K

Dojo Security Vulnerabilities

cve
cve

CVE-2007-2376

The Dojo framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other...

6.5AI Score

0.004EPSS

2007-04-30 11:19 PM
29
cve
cve

CVE-2020-5258

In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to overwrite, or...

7.7CVSS

7.5AI Score

0.002EPSS

2020-03-10 06:15 PM
126
13
cve
cve

CVE-2023-35097

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Internet Marketing Dojo WP Affiliate Links plugin <= 0.1.1...

7.1CVSS

6AI Score

0.0005EPSS

2023-06-20 10:15 AM
17
cve
cve

CVE-2020-4051

In Dijit before versions 1.11.11, and greater than or equal to 1.12.0 and less than 1.12.9, and greater than or equal to 1.13.0 and less than 1.13.8, and greater than or equal to 1.14.0 and less than 1.14.7, and greater than or equal to 1.15.0 and less than 1.15.4, and greater than or equal to...

5.4CVSS

5.1AI Score

0.004EPSS

2020-06-15 10:15 PM
64
2
cve
cve

CVE-2020-5259

In affected versions of dojox (NPM package), the jqMix method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to overwrite, or...

8.6CVSS

8.2AI Score

0.002EPSS

2020-03-10 06:15 PM
43
3
cve
cve

CVE-2006-3560

SQL injection vulnerability in topics.php in Blue Dojo Graffiti Forums 1.0 allows remote attackers to execute arbitrary SQL commands via the f...

8.8AI Score

0.011EPSS

2006-07-13 01:05 AM
26