Skip to main content

Dojo

6 CVEs product

Monthly

CVE-2021-23450 npm CRITICAL POC PATCH THREAT Act Now

All versions of package dojo are vulnerable to Prototype Pollution via the setObject function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Dojo Communications Policy Management Primavera Unifier +2
NVD GitHub
CVSS 3.1
9.8
EPSS
30.4%
CVE-2020-5258 npm HIGH POC PATCH This Week

In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable. Public exploit code available.

Node.js RCE Code Injection Dojo Debian Linux +8
NVD GitHub
CVSS 3.1
7.7
EPSS
4.0%
CVE-2018-1000665 Maven MEDIUM PATCH This Month

Dojo Dojo Objective Harness (DOH) version prior to version 1.14 contains a Cross Site Scripting (XSS) vulnerability in unit.html and testsDOH/_base/loader/i18n-exhaustive/i18n-test/unit.html and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Dojo
NVD GitHub
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-15494 npm CRITICAL PATCH Act Now

In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Dojo Debian Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
2.6%
CVE-2018-6561 npm MEDIUM POC PATCH This Month

dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dojo
NVD GitHub
CVSS 3.0
6.1
EPSS
1.1%
CVE-2015-5654 npm MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Dojo Toolkit before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Dojo
NVD
CVSS 2.0
4.3
EPSS
0.3%
EPSS 30% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

All versions of package dojo are vulnerable to Prototype Pollution via the setObject function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Dojo +4
NVD GitHub
EPSS 4% CVSS 7.7
HIGH POC PATCH This Week

In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable. Public exploit code available.

Node.js RCE Code Injection +10
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Dojo Dojo Objective Harness (DOH) version prior to version 1.14 contains a Cross Site Scripting (XSS) vulnerability in unit.html and testsDOH/_base/loader/i18n-exhaustive/i18n-test/unit.html and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Dojo
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Dojo Debian Linux
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dojo
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Dojo Toolkit before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Dojo
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy