The default configuration of the build process in Dojo 0.4.x before 0.4.4, 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 has the copyTests=true and mini=false options, which makes it easier for remote attackers to have an unspecified impact via a request to a (1) test or (2) demo component.
AV:N/AC:L/Au:N/C:C/I:C/A:CDojotoolkit Dojo
APPDojotoolkit0.4.00.4.10.4.20.4.31.01.0.11.0.21.11.1.11.21.2.11.2.21.2.31.31.3.1+ 3 więcej
Related vulnerabilities
In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid.
Unspecified vulnerability in iframe_history.html in Dojo 0.4.x before 0.4.4 has unknown impact and remote atta...
Dojo Dojo Objective Harness (DOH) version prior to version 1.14 contains a Cross Site Scripting (XSS) vulnerab...
dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element.
Cross-site scripting (XSS) vulnerability in Dojo Toolkit before 1.2 allows remote attackers to inject arbitrar...