2 matches found
CVE-2019-10785
CVE-2019-10785 affects the Dojo/Dojox component, where dojox.xmpp.util.xmlEncode only encodes the first occurrence of each character, enabling cross-site scripting in affected Dojo versions prior to 1.16.1, 1.15.2, 1.14.5, 1.13.6, 1.12.7 and 1.11.9. The connected IBM and Nessus entries corroborat...
CVE-2020-5259
CVE-2020-5259 affects the dojox npm package where the jqMix method is vulnerable to prototype pollution. The root cause is the ability to inject properties into JavaScript prototypes, enabling an attacker to overwrite base object prototypes. The entry notes patches in versions 1.11.10, 1.12.8, 1....