CVSS: 10.0EPSS: 3%CPEs: 18EXPL: 0CVE-2010-2276
https://notcve.org/view.php?id=CVE-2010-2276
14 Jun 2010 — The default configuration of the build process in Dojo 0.4.x before 0.4.4, 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 has the copyTests=true and mini=false options, which makes it easier for remote attackers to have an unspecified impact via a request to a (1) test or (2) demo component. La configuración por defecto del proceso de generación en Dojo v0.4.x antes de v0.4.4, v1.0.x antes de v1.0.3, v1.1.x antes de v1.1.2, v1.2.x antes de v1.2.4, v1.3... • http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory • CWE-16: Configuration •
CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 1CVE-2008-6681
https://notcve.org/view.php?id=CVE-2008-6681
09 Apr 2009 — Cross-site scripting (XSS) vulnerability in dijit.Editor in Dojo before 1.1 allows remote attackers to inject arbitrary web script or HTML via XML entities in a TEXTAREA element. vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en dijit.Editor en Dojo anteriores a v1.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de entidades en un elemento TEXTAREA. • http://trac.dojotoolkit.org/ticket/2140 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •