Description
Cross-Site Scripting in dojo
Affected versions of dojo are susceptible to a cross-site scripting vulnerability in the dijit.Editor and textarea components, which execute their contents as JavaScript, even when sanitized.
Recommendation
Update to version 1.1.0 or later.
References
- https://nvd.nist.gov/vuln/detail/CVE-2008-6681
- https://bugs.dojotoolkit.org/ticket/2140
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49883
- https://www.npmjs.com/advisories/107
- http://trac.dojotoolkit.org/changeset/15346
- http://trac.dojotoolkit.org/ticket/2140
- http://www.dojotoolkit.org/book/dojo-1-1-release-notes
- http://www.securityfocus.com/bid/34661
Packages
- Name: dojo (npm)
- Affected versions: < 1.1.0
- Fixed version: 1.1.0
Related vulnerabilities
nvd
almost 17 years ago
Cross-site scripting (XSS) vulnerability in dijit.Editor in Dojo before 1.1 allows remote attackers to inject arbitrary web script or HTML via XML entities in a TEXTAREA element.