Linuxfoundation Dojox vulnerabilities

CVE-2020-5259 [HIGH] CWE-94 CVE-2020-5259: In affected versions of dojox (NPM package), the jqMix method is vulnerable to Prototype Pollution. In affected versions of dojox (NPM package), the jqMix method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base

CVE-2019-10785 [MEDIUM] CWE-79 CVE-2019-10785: dojox is vulnerable to Cross-site Scripting in all versions before version 1.16.1, 1.15.2, 1.14.5, 1 dojox is vulnerable to Cross-site Scripting in all versions before version 1.16.1, 1.15.2, 1.14.5, 1.13.6, 1.12.7 and 1.11.9. This is due to dojox.xmpp.util.xmlEncode only encoding the first occurrence of each character, not all of them.

CVE-2018-15494 [CRITICAL] CWE-116 dojox vulnerable to unescaped string injection dojox vulnerable to unescaped string injection In Dojo Toolkit before 1.14.0, there is unescaped string injection in dojox/Grid/DataGrid.