GHSA-vmq9-cm7m-4p8p

Suggest an improvement
Source
https://github.com/advisories/GHSA-vmq9-cm7m-4p8p
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-vmq9-cm7m-4p8p/GHSA-vmq9-cm7m-4p8p.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-vmq9-cm7m-4p8p
Aliases
Published
2022-05-14T02:01:21Z
Modified
2024-02-16T08:13:18.926574Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
Improper Neutralization of Input During Web Page Generation in Dojo Dojo Objective Harness
Details

Dojo Dojo Objective Harness (DOH) version prior to version 1.14 contains a Cross Site Scripting (XSS) vulnerability in unit.html and testsDOH/_base/loader/i18n-exhaustive/i18n-test/unit.html and testsDOH/_base/i18nExhaustive.js in the DOH that can result in Victim attacked through their browser - deliver malware, steal HTTP cookies, bypass CORS trust. This attack appear to be exploitable via Victims are typically lured to a web site under the attacker's control; the XSS vulnerability on the target domain is silently exploited without the victim's knowledge. This vulnerability appears to have been fixed in 1.14.

References

Affected packages

Maven / org.dojotoolkit:dojo

Package

Name
org.dojotoolkit:dojo
View open source insights on deps.dev
Purl
pkg:maven/org.dojotoolkit/dojo

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.14

Affected versions

1.*

1.1.1
1.2.0b2
1.2.0
1.2.3
1.3.0b1
1.3.0b2
1.3.0
1.3.1
1.3.2
1.3.3
1.4.2
1.4.3
1.4.6
1.4.8
1.5.0
1.5.4
1.5.6
1.6.0
1.6.1
1.6.3
1.6.5
1.7.0
1.7.1
1.7.2
1.7.8
1.7.12
1.8.0
1.8.1
1.8.2
1.8.3
1.8.9
1.8.14
1.9.0b2
1.9.0
1.9.1
1.9.2
1.9.3
1.9.6
1.9.11
1.10.0
1.10.1
1.10.2
1.10.3
1.10.4
1.10.8
1.11.1
1.11.2
1.11.3
1.11.4
1.12.1
1.12.2
1.12.3
1.13.0
1.13.1