VYPR

Dojo Toolkit

by Dojotoolkit

CVEs (3)

  • CVE-2010-2275Jun 15, 2010
    risk 0.03cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in dijit/tests/_testCommon.js in Dojo Toolkit SDK before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the theme parameter, as demonstrated by an attack against dijit/tests/form/test_Button.html.

  • CVE-2010-4600Dec 29, 2010
    risk 0.00cvss epss 0.01

    Dojo Toolkit, as used in the Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1, allows remote attackers to read cookies by navigating to a Dojo file, related to an "open direct" issue.

  • CVE-2007-2376Apr 30, 2007
    risk 0.00cvss epss 0.02

    The Dojo framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data…