CVE-2008-6681
published 2009-04-09CVE-2008-6681: Cross-site scripting (XSS) vulnerability in dijit.Editor in Dojo before 1.1 allows remote attackers to inject arbitrary web script or HTML via XML entities in…
PriorityP415medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
1.08%
61.0th percentile
Cross-site scripting (XSS) vulnerability in dijit.Editor in Dojo before 1.1 allows remote attackers to inject arbitrary web script or HTML via XML entities in a TEXTAREA element.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dojotoolkit | dojo | <= 1.0 | — |
| dojotoolkit | dojo | — | — |
| dojotoolkit | dojo | — | — |
| dojotoolkit | dojo | — | — |
| dojotoolkit | dojo | — | — |
| dojotoolkit | dojo | — | — |
| dojotoolkit | dojo | — | — |
| dojotoolkit | dojo | — | — |
| dojotoolkit | dojo | — | — |
| dojotoolkit | dojo | — | — |
| dojotoolkit | dojo | — | — |
| dojotoolkit | dojo | — | — |
| linuxfoundation | dojo | >= 0 < 1.1.0 | 1.1.0 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Cross-Site Scripting in dojo
ghsa·2020-09-01
CVE-2008-6681 [MEDIUM] CWE-79 Cross-Site Scripting in dojo
Cross-Site Scripting in dojo
Affected versions of `dojo` are susceptible to a cross-site scripting vulnerability in the `dijit.Editor` and `textarea` components, which execute their contents as Javascript, even when sanitized.
## Recommendation
Update to version 1.1.0 or later.
OSV
Cross-Site Scripting in dojo
osv·2020-09-01
CVE-2008-6681 [MEDIUM] Cross-Site Scripting in dojo
Cross-Site Scripting in dojo
Affected versions of `dojo` are susceptible to a cross-site scripting vulnerability in the `dijit.Editor` and `textarea` components, which execute their contents as Javascript, even when sanitized.
## Recommendation
Update to version 1.1.0 or later.
No detection rules found.
No writeups or analysis indexed.
http://trac.dojotoolkit.org/ticket/2140http://www.dojotoolkit.org/book/dojo-1-1-release-noteshttp://www.securityfocus.com/bid/34661https://exchange.xforce.ibmcloud.com/vulnerabilities/49883http://trac.dojotoolkit.org/ticket/2140http://www.dojotoolkit.org/book/dojo-1-1-release-noteshttp://www.securityfocus.com/bid/34661https://exchange.xforce.ibmcloud.com/vulnerabilities/49883
2009-04-09
Published