npm

Severity: moderate

Cross-Site Scripting

dojo

Overview

Affected versions of dojo are susceptible to a cross-site scripting vulnerability in the dijit.Editor and textarea components, which execute their contents as Javascript, even when sanitized.

Remediation

Update to version 1.1 or later.

Have content suggestions? Send them to [email protected]

Advisory timeline

  1. published

    Advisory published
    May 23rd, 2016
  2. reported

    Initial report by Unknown
    May 5th, 2016