In Dojo Toolkit prior to 1.14, there is unescaped string injection in dojox/Grid/DataGrid.
dojotoolkit dojo
debian debian linux 8.0