CVE-2008-6681

Dojo < 1.0 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in dijit.Editor in Dojo before 1.1 allows remote attackers to inject arbitrary web script or HTML via XML entities in a TEXTAREA element.

References (4)

[Various Sources] http://trac.dojotoolkit.org/ticket/2140

[Exploit] http://www.dojotoolkit.org/book/dojo-1-1-release-notes

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/49883

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/34661

Scores

EPSS 0.0029

EPSS Percentile 51.6%

Classification

CWE

CWE-79

Status published

Affected Products (14)

dojotoolkit/dojo < 1.0

dojotoolkit/dojo

npm/dojo < 1.1.0npm

n/a/n/a

Timeline

Published Apr 09, 2009

Tracked Since Feb 18, 2026