Cross-site Scripting (XSS) The advisory has been revoked - it doesn't affect any version of package dojo Open this link in a new tab
Threat Intelligence
EPSS
0.22% (60th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID npm:dojo:20160523
- published 22 Jun 2016
- disclosed 9 Apr 2009
- credit Unknown
How to fix?
Upgrade to version 1.1
or higher, which xml-encodes the output.
Overview
The editor widget of dojo
, a popular JavaScript toolkit, is vulnerable to XSS attacks.
When saving (potentially) encoded HTML scripts in the editor and loading them again, the scripts are executed anyway.