Product
dojotoolkit dojo
13 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2018-1000665 (affected: <= 1.13.0)
Dojo Objective Harness (DOH) version prior to version 1.14 contains a Cross Site Scripting (XSS) vulnerability in unit.html a

CVE-2018-15494 (affected: < 1.14)
In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid.

CVE-2018-6561 (affected: all versions)
dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element.

CVE-2015-5654 (affected: <= 1.1.1)
Cross-site scripting (XSS) vulnerability in Dojo Toolkit before 1.2 allows remote attackers to inject arbitrary web script or HTML

CVE-2010-4600 (affected: all versions)
Dojo Toolkit, as used in the Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1, allows remot

CVE-2010-2276 (affected: all versions)
The default configuration of the build process in Dojo 0.4.x before 0.4.4, 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.

CVE-2010-2275 (affected: <= 1.4.1)
Cross-site scripting (XSS) vulnerability in dijit/tests/_testCommon.js in Dojo Toolkit SDK before 1.4.2 allows remote attackers to

CVE-2010-2274 (affected: all versions)
Multiple open redirect vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and

CVE-2010-2273 (affected: all versions)
Multiple cross-site scripting (XSS) vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x befo

CVE-2010-2272 (affected: all versions)
Unspecified vulnerability in iframe_history.html in Dojo 0.4.x before 0.4.4 has unknown impact and remote attack vectors.

CVE-2008-6681 (affected: <= 1.0)
Cross-site scripting (XSS) vulnerability in dijit.Editor in Dojo before 1.1 allows remote attackers to inject arbitrary web script

CVE-2007-6726 (affected: all versions)
Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow re

CVE-2007-2376 (affected: all versions)
The Dojo framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows re