In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Code Injection
Dojo
Debian Linux
NVD
GitHub
CVSS 3.0
9.8
EPSS
2.6%