Improper Neutralization of Input During Web Page Generation in Dojo Dojo Objective Harness
Moderate severity · GitHub Reviewed · Published May 14, 2022 to the GitHub Advisory Database · Updated Sep 8, 2023
Published by the National Vulnerability Database: Sep 6, 2018
Published to the GitHub Advisory Database: May 14, 2022
Reviewed: Jun 30, 2022
Last updated: Sep 8, 2023

Description
Dojo Dojo Objective Harness (DOH) versions prior to 1.14 contain a Cross Site Scripting (XSS) vulnerability in unit.html, testsDOH/_base/loader/i18n-exhaustive/i18n-test/unit.html and testsDOH/_base/i18nExhaustive.js in DOH. The result is that the victim is attacked through their browser: the attacker can deliver malware, steal HTTP cookies, or bypass CORS trust. The attack appears to be exploitable when victims are lured to a web site under the attacker's control; the XSS vulnerability on the target domain is silently exploited without the victim's knowledge. This vulnerability appears to have been fixed in 1.14.