CVE-2008-6681

Description

Cross-site scripting (XSS) vulnerability in dijit.Editor in Dojo before 1.1 allows remote attackers to inject arbitrary web script or HTML via XML entities in a TEXTAREA element.

Affected products

• dojotoolkit / dojo1.0
• dojotoolkit / dojo0.1.0 – 0.1.0
• dojotoolkit / dojo0.2.0 – 0.2.0
• dojotoolkit / dojo0.2.1 – 0.2.1
• dojotoolkit / dojo0.2.2 – 0.2.2
• dojotoolkit / dojo0.3.0 – 0.3.0
• dojotoolkit / dojo0.3.1 – 0.3.1
• dojotoolkit / dojo0.4.0 – 0.4.0
• dojotoolkit / dojo0.4.1 – 0.4.1
• dojotoolkit / dojo0.4.2 – 0.4.2
• dojotoolkit / dojo0.4.3 – 0.4.3
• dojotoolkit / dojo0.9.0 – 0.9.0

References

• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/49883
• MISChttp://www.securityfocus.com/bid/34661
• MISChttp://www.dojotoolkit.org/book/dojo-1-1-release-notes
• MISChttp://trac.dojotoolkit.org/ticket/2140