Description

Cross-site scripting (XSS) vulnerability in dijit.Editor in Dojo before 1.1 allows remote attackers to inject arbitrary web script or HTML via XML entities in a TEXTAREA element.

Remediation

References

http://trac.dojotoolkit.org/ticket/2140

http://www.dojotoolkit.org/book/dojo-1-1-release-notes

http://www.securityfocus.com/bid/34661

https://exchange.xforce.ibmcloud.com/vulnerabilities/49883

Related Vulnerabilities

CVE-2022-31166 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore

CVE-2023-41887 Vulnerability in maven package org.openrefine:database

CVE-2020-7754 Vulnerability in npm package npm-user-validate

CVE-2022-36007 Vulnerability in maven package com.github.jlangch:venice

CVE-2016-4055 Vulnerability in maven package org.webjars.npm:moment

Severity

Critical

Classification

CWE-79

Tags

Exploit