VYPR

npm package

dojox

pkg:npm/dojox

Vulnerabilities (3)

  • CVE-2020-5259, Mar 10, 2020
    affected < 1.11.10, fixed 1.11.10

    In affected versions of dojox (NPM package), the jqMix method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to

  • CVE-2019-10785, Feb 13, 2020
    affected < 1.11.9, fixed 1.11.9

    dojox is vulnerable to Cross-site Scripting in all versions before version 1.16.1, 1.15.2, 1.14.5, 1.13.6, 1.12.7 and 1.11.9. This is due to dojox.xmpp.util.xmlEncode only encoding the first occurrence of each character, not all of them.

  • CVE-2018-15494, Cri, Aug 18, 2018
    affected < 1.14.0, fixed 1.14.0

    In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid.