Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.6
CVE-2020-5259
- EPSS 0.36%
- Published 10.03.2020 18:15:12
- Last modified 21.11.2024 05:33:47
In affected versions of dojox (NPM package), the jqMix method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker ma...
6.1
CVE-2019-10785
- EPSS 0.28%
- Published 13.02.2020 17:15:29
- Last modified 21.11.2024 04:19:55
dojox is vulnerable to Cross-site Scripting in all versions before version 1.16.1, 1.15.2, 1.14.5, 1.13.6, 1.12.7 and 1.11.9. This is due to dojox.xmpp.util.xmlEncode only encoding the first occurrence of each character, not all of them.
1