CVE-2018-15494

Reference Links

• https://nvd.nist.gov/vuln/detail/CVE-2018-15494
• https://github.com/dojo/dojox/pull/283
• https://dojotoolkit.org/blog/dojo-1-14-released
• https://github.com/advisories/GHSA-84cm-x2q5-8225
• https://lists.debian.org/debian-lts-announce/2018/09/msg00002.html
• https://exchange.xforce.ibmcloud.com/vulnerabilities/148556
• https://www.ibm.com/support/pages/node/6471895 (Advisory)

Parent vulnerabilities

(Appears in the following advisories)

• IBM-6471895

Frequently Asked Questions

• What is CVE-2018-15494?

  CVE-2018-15494 is a vulnerability in Dojo Toolkit before version 1.14 that allows for unescaped string injection in the dojox/Grid/DataGrid component.

• How does CVE-2018-15494 impact Dojo Toolkit?

  CVE-2018-15494 is a critical vulnerability that allows remote attackers to inject malicious scripts into web pages using the DataGrid component.

• Which software versions are affected by CVE-2018-15494?

  Dojo Toolkit versions before 1.14, Debian Linux version 8.0, and IBM Security Verify Access Docker version up to 10.0.0 are affected.

• How can I fix CVE-2018-15494?

  To fix CVE-2018-15494, update Dojo Toolkit to version 1.14.0 or newer.

• Where can I find more information about CVE-2018-15494?

  You can find more information about CVE-2018-15494 on the NIST National Vulnerability Database (NVD) at https://nvd.nist.gov/vuln/detail/CVE-2018-15494 and on the official Dojo Toolkit blog at https://dojotoolkit.org/blog/dojo-1-14-released.