Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package dojo, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (5)
CVE-2020-5258 — CVSS 7.7 (high): In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the…
CVE-2021-23450 — CVSS 7.5 (high): All versions of package dojo are vulnerable to Prototype Pollution via the setObject function.
CVE-2008-6681 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in dijit.Editor in Dojo before 1.1 allows remote attackers to inject arbitrary web script or HTML…
CVE-2010-2273 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3…
CVE-2015-5654 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Dojo Toolkit before 1.2 allows remote attackers to inject arbitrary web script or HTML via…