CVE-2015-5654 — Cross-site Scripting in Dojo

CWE-79 — Cross-site Scripting7 documents7 sources

Severity

4.3MEDIUMNVD

EPSS

0.3%

top 51.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linuxfoundation Dojo Dojotoolkit Dojo

Timeline

PublishedOct 11

Latest updateSep 11

Description

Cross-site scripting (XSS) vulnerability in Dojo Toolkit before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDdojotoolkit/dojo1.1.1

▶npmlinuxfoundation/dojo< 1.9.1

🔴Vulnerability Details

OSV

Cross-Site Scripting in dojo↗2020-09-11

▶

GHSA

Cross-Site Scripting in dojo↗2020-09-11

▶

CVEList

CVE-2015-5654: Cross-site scripting (XSS) vulnerability in Dojo Toolkit before 1↗2015-10-11

▶

📋Vendor Advisories

Red Hat

dojo: cross-site scripting flaw↗2015-10-09

▶

Debian

CVE-2015-5654: dojo - Cross-site scripting (XSS) vulnerability in Dojo Toolkit before 1.2 allows remot...↗2015

▶

💬Community

Bugzilla

CVE-2015-5654 dojo: cross-site scripting flaw↗2015-10-13

▶