Dojo Toolkit is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary Javascript into a victim’s browser to steal session tokens or perform unwanted actions on behalf of a user.
CPE | Name | Operator | Version |
---|---|---|---|
dojo | le | 1.2.0rc2 | |
dojo | eq | 1.1.1-maen |