Moderate severityNVD Advisory· Published Apr 9, 2009· Updated Apr 23, 2026
CVE-2008-6681
CVE-2008-6681
Description
Cross-site scripting (XSS) vulnerability in dijit.Editor in Dojo before 1.1 allows remote attackers to inject arbitrary web script or HTML via XML entities in a TEXTAREA element.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
dojonpm | < 1.1.0 | 1.1.0 |
Affected products
12cpe:2.3:a:dojotoolkit:dojo:*:*:*:*:*:*:*:*+ 11 more
- cpe:2.3:a:dojotoolkit:dojo:*:*:*:*:*:*:*:*range: <=1.0
- cpe:2.3:a:dojotoolkit:dojo:0.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:dojotoolkit:dojo:0.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:dojotoolkit:dojo:0.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:dojotoolkit:dojo:0.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:dojotoolkit:dojo:0.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:dojotoolkit:dojo:0.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:dojotoolkit:dojo:0.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:dojotoolkit:dojo:0.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:dojotoolkit:dojo:0.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:dojotoolkit:dojo:0.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:dojotoolkit:dojo:0.9.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- www.dojotoolkit.org/book/dojo-1-1-release-notesnvdExploitWEB
- github.com/advisories/GHSA-39cx-xcwj-3rc4ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2008-6681ghsaADVISORY
- trac.dojotoolkit.org/changeset/15346ghsaWEB
- trac.dojotoolkit.org/ticket/2140nvdWEB
- www.securityfocus.com/bid/34661nvdWEB
- bugs.dojotoolkit.org/ticket/2140ghsaWEB
- exchange.xforce.ibmcloud.com/vulnerabilities/49883nvdWEB
- www.npmjs.com/advisories/107ghsaWEB
News mentions
0No linked articles in our index yet.