GHSA-vmq9-cm7m-4p8p
Suggest an improvement- Source
- https://github.com/advisories/GHSA-vmq9-cm7m-4p8p
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-vmq9-cm7m-4p8p/GHSA-vmq9-cm7m-4p8p.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-vmq9-cm7m-4p8p
- Aliases
- Published
- 2022-05-14T02:01:21Z
- Modified
- 2024-02-16T08:13:18.926574Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Improper Neutralization of Input During Web Page Generation in Dojo Dojo Objective Harness
- Details
-
Dojo Dojo Objective Harness (DOH) version prior to version 1.14 contains a Cross Site Scripting (XSS) vulnerability in
unit.htmlandtestsDOH/_base/loader/i18n-exhaustive/i18n-test/unit.htmlandtestsDOH/_base/i18nExhaustive.jsin the DOH that can result in Victim attacked through their browser - deliver malware, steal HTTP cookies, bypass CORS trust. This attack appear to be exploitable via Victims are typically lured to a web site under the attacker's control; the XSS vulnerability on the target domain is silently exploited without the victim's knowledge. This vulnerability appears to have been fixed in 1.14. - Database specific
{ "nvd_published_at": "2018-09-06T17:29:00Z", "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2022-06-30T15:59:42Z" }- References
Affected packages
Maven / org.dojotoolkit:dojo
Package
- Name
- org.dojotoolkit:dojo
- View open source insights on deps.dev
- Purl
- pkg:maven/org.dojotoolkit/dojo
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.14
Affected versions
1.*
1.1.1
1.2.0b2
1.2.0
1.2.3
1.3.0b1
1.3.0b2
1.3.0
1.3.1
1.3.2
1.3.3
1.4.2
1.4.3
1.4.6
1.4.8
1.5.0
1.5.4
1.5.6
1.6.0
1.6.1
1.6.3
1.6.5
1.7.0
1.7.1
1.7.2
1.7.8
1.7.12
1.8.0
1.8.1
1.8.2
1.8.3
1.8.9
1.8.14
1.9.0b2
1.9.0
1.9.1
1.9.2
1.9.3
1.9.6
1.9.11
1.10.0
1.10.1
1.10.2
1.10.3
1.10.4
1.10.8
1.11.1
1.11.2
1.11.3
1.11.4
1.12.1
1.12.2
1.12.3
1.13.0
1.13.1