Lucene search
K
DojotoolkitDojo

11 matches found

CVE
CVE
added 2018/08/18 2:0 a.m.807 views

CVE-2018-15494

CVE-2018-15494: Dojo Toolkit’s DataGrid in Dojo before 1.14 is vulnerable to unescaped string injection, enabling cross‑site scripting. Affected component is dojox/Grid/DataGrid; impact is client-side script execution in the context of the hosting page. The public fix is to upgrade to Dojo 1.14 o...

9.8CVSS9.4AI score0.02611EPSS
CVE
CVE
added 2018/09/06 5:0 p.m.169 views

CVE-2018-1000665

CVE-2018-1000665 affects the Dojo Dojo Objective Harness (DOH) prior to version 1.14. The vulnerability is an XSS in unit.html and related tests (testsDOH/_base/loader/i18n-exhaustive/i18n-test/unit.html and testsDOH/_base/i18nExhaustive.js) that can cause a victim’s browser to execute injected s...

6.1CVSS5.8AI score0.01286EPSS
CVE
CVE
added 2010/06/14 7:0 p.m.127 views

CVE-2010-2276

CVE-2010-2276 affects Dojo where the default build-process configuration uses copyTests=true and mini=false, enabling remote attackers to cause an unspecified impact via requests to test or demo components. Affected Dojo lines: 0.4.x before 0.4.4, 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x bef...

10CVSS6.7AI score0.03153EPSS
CVE
CVE
added 2018/02/02 3:0 p.m.110 views

CVE-2018-6561

CVE-2018-6561 affects dojo-dijit.Editor in Dojo Toolkit 1.13, enabling cross-site scripting via the onload attribute of an SVG element. The IBM/OSV records confirm the vulnerability details, including the XSS risk in Dijit.Editor and a base score of 6.1 (IBM X-Force vector: CVSS3.0), with exploit...

6.1CVSS5.7AI score0.0115EPSS
CVE
CVE
added 2010/06/14 7:0 p.m.101 views

CVE-2010-2273

Summary: CVE-2010-2273 describes multiple cross-site scripting vulnerabilities in Dojo across several major 1.0.x–1.4.x branches. The flaws allow remote attackers to inject arbitrary script or HTML via unspecified vectors, with potential references to files such as dojo/resources/iframe_history.h...

4.3CVSS5.7AI score0.04545EPSS
Web
CVE
CVE
added 2010/06/14 7:0 p.m.91 views

CVE-2010-2275

CVE-2010-2275 is an XSS vulnerability in the Dojo Toolkit SDK prior to version 1.4.2. The issue arises in the file dijit/tests/_testCommon.js where an attacker can inject arbitrary script or HTML through the theme parameter, demonstrated by an attack against dijit/tests/form/test_Button.html. Mul...

4.3CVSS5.7AI score0.02899EPSS
Web
CVE
CVE
added 2015/10/11 1:0 a.m.85 views

CVE-2015-5654

Dojo Toolkit (before 1.2) is vulnerable to Cross-Site Scripting (XSS) due to improper validation of user-supplied input, enabling remote attackers to inject script/HTML via unspecified vectors. Several vendor advisories confirm this CVE-2015-5654 issue and recommend upgrading Dojo to a version wi...

4.3CVSS5.5AI score0.02224EPSS
CVE
CVE
added 2009/04/09 3:0 p.m.78 views

CVE-2007-6726

CVE-2007-6726 refers to multiple XSS vulnerabilities in Dojo 0.4.1 and 0.4.2 as used in Apache Struts and other products. The issues allow remote injection of arbitrary script/HTML via vectors involving xip_client.html and xip_server.html in src/io/. The NVD entry lists a MEDIUM severity (CVSSv2:...

4.3CVSS5.8AI score0.03447EPSS
CVE
CVE
added 2009/04/09 3:0 p.m.72 views

CVE-2008-6681

CVE-2008-6681 corresponds to a cross-site scripting vulnerability in the Dojo toolkit, specifically in dojo/dijit.Editor components pre-1.1. The issue allows remote attackers to inject arbitrary script or HTML via XML entities entered in a TEXTAREA, with the root cause tied to insufficient input ...

4.3CVSS5.8AI score0.01082EPSS
CVE
CVE
added 2010/06/14 7:0 p.m.70 views

CVE-2010-2274

CVE-2010-2274 describes multiple open redirect vulnerabilities in Dojo across 1.0.x to 1.4.x (before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, 1.4.x before 1.4.2). The issues allow remote attackers to redirect users to arbitrary sites via several components (e.g., dojo/re...

4.3CVSS6.9AI score0.01891EPSS
CVE
CVE
added 2010/06/14 7:0 p.m.54 views

CVE-2010-2272

Technical details are not publicly available in the provided documents. Monitor for updates.

10CVSS6.6AI score0.01323EPSS