Vulnerabilities > Dojotoolkit > Dojo > 1.0.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-09-06 | CVE-2018-1000665 | Cross-site Scripting vulnerability in Dojotoolkit Dojo Dojo Dojo Objective Harness (DOH) version prior to version 1.14 contains a Cross Site Scripting (XSS) vulnerability in unit.html and testsDOH/_base/loader/i18n-exhaustive/i18n-test/unit.html and testsDOH/_base/i18nExhaustive.js in the DOH that can result in Victim attacked through their browser - deliver malware, steal HTTP cookies, bypass CORS trust. | 4.3 |
2018-08-18 | CVE-2018-15494 | Improper Encoding or Escaping of Output vulnerability in multiple products In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid. | 7.5 |
2015-10-11 | CVE-2015-5654 | Cross-site Scripting vulnerability in Dojotoolkit Dojo Cross-site scripting (XSS) vulnerability in Dojo Toolkit before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2010-06-15 | CVE-2010-2275 | Cross-Site Scripting vulnerability in Dojotoolkit Dojo Cross-site scripting (XSS) vulnerability in dijit/tests/_testCommon.js in Dojo Toolkit SDK before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the theme parameter, as demonstrated by an attack against dijit/tests/form/test_Button.html. | 4.3 |