Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dojo vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2018-6561
dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element.
Dojotoolkit Dojo 1.13.0
6.1
CVSSv3
CVE-2023-35097
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Internet Marketing Dojo WP Affiliate Links plugin <= 0.1.1 versions.
Dojo Wp Affiliate Links
NA
CVE-2006-3560
SQL injection vulnerability in topics.php in Blue Dojo Graffiti Forums 1.0 allows remote malicious users to execute arbitrary SQL commands via the f parameter.
Blue Dojo Graffiti Forums 1.0
1 EDB exploit
9.8
CVSSv3
CVE-2018-15494
In Dojo Toolkit prior to 1.14, there is unescaped string injection in dojox/Grid/DataGrid.
Dojotoolkit Dojo
Debian Debian Linux 8.0
9.8
CVSSv3
CVE-2021-23450
All versions of package dojo are vulnerable to Prototype Pollution via the setObject function.
Linuxfoundation Dojo
Oracle Primavera Unifier 18.8
Oracle Primavera Unifier
Oracle Weblogic Server 12.2.1.4.0
Oracle Primavera Unifier 19.12
Oracle Weblogic Server 14.1.1.0.0
Oracle Primavera Unifier 20.12
Oracle Primavera Unifier 21.12
Oracle Communications Policy Management 12.6.0.0.0
Debian Debian Linux 10.0
8.6
CVSSv3
CVE-2020-5259
In affected versions of dojox (NPM package), the jqMix method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to ...
Linuxfoundation Dojox
7.7
CVSSv3
CVE-2020-5258
In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes t...
Linuxfoundation Dojo
Debian Debian Linux 8.0
Oracle Webcenter Sites 12.2.1.3.0
Oracle Primavera Unifier 18.8
Oracle Primavera Unifier
Oracle Communications Policy Management 12.5.0
Oracle Weblogic Server 12.2.1.4.0
Oracle Primavera Unifier 19.12
Oracle Webcenter Sites 12.2.1.4.0
Oracle Weblogic Server 14.1.1.0.0
Oracle Mysql
Oracle Primavera Unifier 20.12
Oracle Communications Pricing Design Center 12.0.0.3.0
Oracle Documaker
Oracle Communications Application Session Controller 3.9.0
5.4
CVSSv3
CVE-2020-4051
In Dijit prior to 1.11.11, and greater than or equal to 1.12.0 and less than 1.12.9, and greater than or equal to 1.13.0 and less than 1.13.8, and greater than or equal to 1.14.0 and less than 1.14.7, and greater than or equal to 1.15.0 and less than 1.15.4, and greater than or e...
Openjsf Dijit
Debian Debian Linux 10.0
Netapp Snapcenter -
Netapp Oncommand Workflow Automation -
Netapp Oncommand Insight -
Netapp Active Iq Unified Manager -
6.1
CVSSv3
CVE-2019-10785
dojox is vulnerable to Cross-site Scripting in all versions before version 1.16.1, 1.15.2, 1.14.5, 1.13.6, 1.12.7 and 1.11.9. This is due to dojox.xmpp.util.xmlEncode only encoding the first occurrence of each character, not all of them.
Linuxfoundation Dojox
Debian Debian Linux 8.0
NA
CVE-2010-4600
Dojo Toolkit, as used in the Web client in IBM Rational ClearQuest 7.1.1.x prior to 7.1.1.4 and 7.1.2.x prior to 7.1.2.1, allows remote malicious users to read cookies by navigating to a Dojo file, related to an "open direct" issue.
Dojofoundation Dojo Toolkit
Ibm Rational Clearquest 7.1.2
Ibm Rational Clearquest 7.1.1.1
Ibm Rational Clearquest 7.1.1.2
Ibm Rational Clearquest 7.1.1.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »