{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-02-02T15:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/imsebao/404team/blob/master/dijit_editor_xss.md"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-6561", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/imsebao/404team/blob/master/dijit_editor_xss.md", "refsource": "MISC", "url": "https://github.com/imsebao/404team/blob/master/dijit_editor_xss.md"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T06:10:10.199Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/imsebao/404team/blob/master/dijit_editor_xss.md"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-6561", "datePublished": "2018-02-02T15:00:00Z", "dateReserved": "2018-02-02T00:00:00Z", "dateUpdated": "2024-09-16T23:41:05.323Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dojotoolkit:dojo:1.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "68C50401-0F97-4921-A19D-E1CC1172CEA4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element."}, {"lang": "es", "value": "dijit.Editor en Dojo Toolkit 1.13 permite Cross-Site Scripting (XSS) a trav\u00e9s del atributo onload de un elemento SVG."}], "id": "CVE-2018-6561", "lastModified": "2018-02-15T15:36:54.700", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-02-02T15:29:00.410", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/imsebao/404team/blob/master/dijit_editor_xss.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "dojo: XSS via the onload attribute of an SVG element", "id": "1542041", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1542041"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "status": "draft"}, "cwe": "CWE-79", "details": ["dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element."], "name": "CVE-2018-6561", "package_state": [{"cpe": "cpe:/a:redhat:network_satellite:5", "fix_state": "Will not fix", "package_name": "dojo", "product_name": "Red Hat Satellite 5"}], "public_date": "2018-02-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-6561\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-6561"], "statement": "Red Hat Satellite 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/satellite/.", "threat_severity": "Moderate"}