Description
In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid.
Remediation
References
https://dojotoolkit.org/blog/dojo-1-14-released
https://github.com/dojo/dojox/pull/283
https://lists.debian.org/debian-lts-announce/2018/09/msg00002.html
Related Vulnerabilities
CVE-2021-43783 Vulnerability in npm package @backstage/plugin-scaffolder-backend
CVE-2018-1000136 Vulnerability in npm package electron
CVE-2023-23936 Vulnerability in maven package org.webjars.npm:undici
CVE-2022-41239 Vulnerability in maven package com.groupon.jenkins-ci.plugins:dotci
CVE-2019-10302 Vulnerability in maven package org.jenkins-ci.plugins:jira-ext