CVE-2018-6561 — Cross-site Scripting in Dojo

CWE-79 — Cross-site Scripting10 documents7 sources

Severity

6.1MEDIUMNVD

EPSS

0.2%

top 57.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linuxfoundation Dojo Dojotoolkit Dojo

Timeline

PublishedFeb 2

Latest updateMay 14

Description

dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDdojotoolkit/dojo1.13.0

▶Debianlinuxfoundation/dojo< 1.13.0+dfsg1-1+3

🔴Vulnerability Details

OSV

dijit editor cross-site scripting vulnerability↗2022-05-14

▶

GHSA

dijit editor cross-site scripting vulnerability↗2022-05-14

▶

CVEList

CVE-2018-6561: dijit↗2018-02-02

▶

OSV

CVE-2018-6561: dijit↗2018-02-02

▶

📋Vendor Advisories

Red Hat

dojo: XSS via the onload attribute of an SVG element↗2018-02-02

▶

Debian

CVE-2018-6561: dojo - dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG ...↗2018

▶

💬Community

Bugzilla

CVE-2018-6561 dojo: XSS via the onload attribute of an SVG element↗2018-02-05

▶

Bugzilla

CVE-2018-6561 dojo: XSS via the onload attribute of an SVG element [epel-all]↗2018-02-05

▶

Bugzilla

CVE-2018-6561 dojo: XSS via the onload attribute of an SVG element [fedora-all]↗2018-02-05

▶