CVE-2008-6681

描述

Affected versions of `dojo` are susceptible to a cross-site scripting vulnerability in the `dijit.Editor` and `textarea` components, which execute their contents as Javascript, even when sanitized. ## Recommendation Update to version 1.1.0 or later.

受影響套件(1)

• npm/dojofrom 0, < 1.1.0

參考連結(8)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2008-6681
• WEBhttps://bugs.dojotoolkit.org/ticket/2140
• WEBhttps://exchange.xforce.ibmcloud.com/vulnerabilities/49883
• WEBhttps://www.npmjs.com/advisories/107
• WEBhttp://trac.dojotoolkit.org/changeset/15346
• WEBhttp://trac.dojotoolkit.org/ticket/2140
• WEBhttp://www.dojotoolkit.org/book/dojo-1-1-release-notes
• WEBhttp://www.securityfocus.com/bid/34661