Cross-Site Scripting in dojo
Moderate severity
GitHub Reviewed
Published
Sep 1, 2020
to the GitHub Advisory Database
•
Updated Sep 27, 2023
Description
Reviewed
Aug 31, 2020
Published to the GitHub Advisory Database
Sep 1, 2020
Last updated
Sep 27, 2023
Affected versions of
dojo
are susceptible to a cross-site scripting vulnerability in thedijit.Editor
andtextarea
components, which execute their contents as Javascript, even when sanitized.Recommendation
Update to version 1.1.0 or later.
References