Dojo Dojo Objective Harness (DOH) version prior to version 1.14 contains a
Cross Site Scripting (XSS) vulnerability in unit.html and
testsDOH/_base/loader/i18n-exhaustive/i18n-test/unit.html and
testsDOH/_base/i18nExhaustive.js in the DOH that can result in Victim
attacked through their browser - deliver malware, steal HTTP cookies,
bypass CORS trust. This attack appear to be exploitable via Victims are
typically lured to a web site under the attacker's control; the XSS
vulnerability on the target domain is silently exploited without the
victim's knowledge. This vulnerability appears to have been fixed in 1.14.
Source: dojo (LP Ubuntu Debian)
Upstream:released (1.14.1+dfsg1-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needs-triage)
Ubuntu 16.04 LTS (Xenial Xerus):needs-triage
Ubuntu 18.04 LTS (Bionic Beaver):needs-triage
Ubuntu 19.10 (Eoan Ermine):needs-triage
Ubuntu 20.04 (Focal Fossa):needs-triage
More Information

Updated: 2020-01-29 18:50:44 UTC (commit 40f18bf14da5fb50662e1f861ea594a462b207fe)