CVE-2015-5654
published 2015-10-11CVE-2015-5654: Cross-site scripting (XSS) vulnerability in Dojo Toolkit before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
PriorityP418medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
2.22%
80.5th percentile
Cross-site scripting (XSS) vulnerability in Dojo Toolkit before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | dojo | — | — |
| dojotoolkit | dojo | <= 1.1.1 | — |
| linuxfoundation | dojo | >= 0 < 1.9.1 | 1.9.1 |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_debian4.3LOW
vendor_redhat4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Cross-Site Scripting in dojo
osv·2020-09-11
CVE-2015-5654 [MEDIUM] Cross-Site Scripting in dojo
Cross-Site Scripting in dojo
Versions of `dojo` prior to 1.2.0 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize HTML code in user-controlled input, allowing attackers to execute arbitrary JavaScript in the victim's browser.
## Recommendation
Upgrade to version 1.2.0 or later.
GHSA
Cross-Site Scripting in dojo
ghsa·2020-09-11
CVE-2015-5654 [MEDIUM] CWE-79 Cross-Site Scripting in dojo
Cross-Site Scripting in dojo
Versions of `dojo` prior to 1.2.0 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize HTML code in user-controlled input, allowing attackers to execute arbitrary JavaScript in the victim's browser.
## Recommendation
Upgrade to version 1.2.0 or later.
Red Hat
dojo: cross-site scripting flaw
vendor_redhat·2015-10-09·CVSS 4.3
CVE-2015-5654 [MEDIUM] CWE-79 dojo: cross-site scripting flaw
dojo: cross-site scripting flaw
Cross-site scripting (XSS) vulnerability in Dojo Toolkit before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Statement: This issue has been fixed in all versions of Dojo in all Red Hat products.
Package: dojo (Red Hat Satellite 5) - Not affected
Debian
CVE-2015-5654: dojo - Cross-site scripting (XSS) vulnerability in Dojo Toolkit before 1.2 allows remot...
vendor_debian·2015·CVSS 4.3
CVE-2015-5654 [MEDIUM] CVE-2015-5654: dojo - Cross-site scripting (XSS) vulnerability in Dojo Toolkit before 1.2 allows remot...
Cross-site scripting (XSS) vulnerability in Dojo Toolkit before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
No detection rules found.
No public exploits indexed.
http://jvn.jp/en/jp/JVN13456571/index.htmlhttp://jvndb.jvn.jp/jvndb/JVNDB-2015-000153http://www-01.ibm.com/support/docview.wss?uid=swg21975256http://www.securityfocus.com/bid/77026http://www.securitytracker.com/id/1034848http://jvn.jp/en/jp/JVN13456571/index.htmlhttp://jvndb.jvn.jp/jvndb/JVNDB-2015-000153http://www-01.ibm.com/support/docview.wss?uid=swg21975256http://www.securityfocus.com/bid/77026http://www.securitytracker.com/id/1034848
2015-10-11
Published