GHSA-39cx-xcwj-3rc4
Suggest an improvement- Source
- https://github.com/advisories/GHSA-39cx-xcwj-3rc4
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/09/GHSA-39cx-xcwj-3rc4/GHSA-39cx-xcwj-3rc4.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-39cx-xcwj-3rc4
- Aliases
-
- CVE-2008-6681
- Published
- 2020-09-01T15:25:29Z
- Modified
- 2023-11-08T03:56:52.043077Z
- Summary
- Cross-Site Scripting in dojo
- Details
-
Affected versions of
dojoare susceptible to a cross-site scripting vulnerability in thedijit.Editorandtextareacomponents, which execute their contents as Javascript, even when sanitized.Recommendation
Update to version 1.1.0 or later.
- Database specific
{ "github_reviewed": true, "severity": "MODERATE", "github_reviewed_at": "2020-08-31T18:11:03Z", "nvd_published_at": null, "cwe_ids": [ "CWE-79" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2008-6681
- https://bugs.dojotoolkit.org/ticket/2140
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49883
- https://www.npmjs.com/advisories/107
- http://trac.dojotoolkit.org/changeset/15346
- http://trac.dojotoolkit.org/ticket/2140
- http://www.dojotoolkit.org/book/dojo-1-1-release-notes
- http://www.securityfocus.com/bid/34661
Affected packages
npm / dojo
Package
- Name
- dojo
- View open source insights on deps.dev
- Purl
- pkg:npm/dojo