npm package
dojo
pkg:npm/dojo
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-23450 | — | <= 1.16.4 | — | Dec 17, 2021 | All versions of package dojo are vulnerable to Prototype Pollution via the setObject function. | ||
| CVE-2020-5258 | — | < 1.11.10 | 1.11.10 | Mar 10, 2020 | In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes t | ||
| CVE-2015-5654 | — | < 1.9.1 | 1.9.1 | Oct 11, 2015 | Cross-site scripting (XSS) vulnerability in Dojo Toolkit before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||
| CVE-2010-2273 | — | >= 1.13.0, < 1.13.1 | 1.13.1 | Jun 15, 2010 | Multiple cross-site scripting (XSS) vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to dojo/resou | ||
| CVE-2008-6681 | — | < 1.1.0 | 1.1.0 | Apr 9, 2009 | Cross-site scripting (XSS) vulnerability in dijit.Editor in Dojo before 1.1 allows remote attackers to inject arbitrary web script or HTML via XML entities in a TEXTAREA element. |
- CVE-2021-23450Dec 17, 2021affected <= 1.16.4
All versions of package dojo are vulnerable to Prototype Pollution via the setObject function.
- CVE-2020-5258Mar 10, 2020affected < 1.11.10fixed 1.11.10
In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes t
- CVE-2015-5654Oct 11, 2015affected < 1.9.1fixed 1.9.1
Cross-site scripting (XSS) vulnerability in Dojo Toolkit before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2010-2273Jun 15, 2010affected >= 1.13.0, < 1.13.1fixed 1.13.1
Multiple cross-site scripting (XSS) vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to dojo/resou
- CVE-2008-6681Apr 9, 2009affected < 1.1.0fixed 1.1.0
Cross-site scripting (XSS) vulnerability in dijit.Editor in Dojo before 1.1 allows remote attackers to inject arbitrary web script or HTML via XML entities in a TEXTAREA element.