0.002 Low
EPSS
Percentile
58.4%
dojox is vulnerable to cross-site scripting (XSS). insufficient XML escaping in dojox.xmpp.util.xmlEncode allows an attacker to inject and execute arbitrary Javascript in a user’s browser via a malicious XML document.
dojox.xmpp.util.xmlEncode
github.com/advisories/GHSA-pg97-ww7h-5mjr
github.com/dojo/dojox/blob/72db30b7bcf2175d5c17d4a585b460db7676ab04/xmpp/util.js#L5-L10
github.com/dojo/dojox/pull/315
github.com/dojo/dojox/security/advisories/GHSA-pg97-ww7h-5mjr
lists.debian.org/debian-lts-announce/2020/02/msg00033.html