Description

Cross-site scripting (XSS) vulnerability in dijit.Editor in Dojo before 1.1 allows remote attackers to inject arbitrary web script or HTML via XML entities in a TEXTAREA element.

Remediation

References

http://trac.dojotoolkit.org/ticket/2140

http://www.dojotoolkit.org/book/dojo-1-1-release-notes

http://www.securityfocus.com/bid/34661

https://exchange.xforce.ibmcloud.com/vulnerabilities/49883

Related Vulnerabilities

CVE-2022-39243 Vulnerability in maven package com.zaxxer:nuprocess

CVE-2022-2218 Vulnerability in maven package org.webjars.npm:parse-url

CVE-2020-8237 Vulnerability in maven package org.webjars.bower:json-bigint

CVE-2023-46133 Vulnerability in npm package crypto-es

CVE-2017-16114 Vulnerability in maven package org.webjars.bower:marked

Severity

Critical

Classification

CWE-79

Tags

Exploit