What is CVE-2018-15494?

CVE-2018-15494 is a vulnerability in Dojo Toolkit before version 1.14 that allows for unescaped string injection in the dojox/Grid/DataGrid component.

How does CVE-2018-15494 impact Dojo Toolkit?

CVE-2018-15494 is a critical vulnerability that allows remote attackers to inject malicious scripts into web pages using the DataGrid component.

Which software versions are affected by CVE-2018-15494?

Dojo Toolkit versions before 1.14, Debian Linux version 8.0, and IBM Security Verify Access Docker version up to 10.0.0 are affected.

How can I fix CVE-2018-15494?

To fix CVE-2018-15494, update Dojo Toolkit to version 1.14.0 or newer.

Where can I find more information about CVE-2018-15494?

You can find more information about CVE-2018-15494 on the NIST National Vulnerability Database (NVD) at https://nvd.nist.gov/vuln/detail/CVE-2018-15494 and on the official Dojo Toolkit blog at https://dojotoolkit.org/blog/dojo-1-14-released.

Vulnerability/
CVE-2018-15494

critical

9.8

CWE

116

18/8/2018

15/10/2018

5/8/2024

CVE-2018-15494

First published: Sat Aug 18 2018(Updated: )

In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
npm/dojox	<1.14.0	1.14.0
Dojotoolkit Dojo	<1.14
Debian Debian Linux	=8.0
IBM Financial Transaction Manager for SWIFT Services for Multiplatforms	<=3.0.0

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-1135173

Frequently Asked Questions

What is CVE-2018-15494?
CVE-2018-15494 is a vulnerability in Dojo Toolkit before version 1.14 that allows for unescaped string injection in the dojox/Grid/DataGrid component.
How does CVE-2018-15494 impact Dojo Toolkit?
CVE-2018-15494 is a critical vulnerability that allows remote attackers to inject malicious scripts into web pages using the DataGrid component.
Which software versions are affected by CVE-2018-15494?
Dojo Toolkit versions before 1.14, Debian Linux version 8.0, and IBM Security Verify Access Docker version up to 10.0.0 are affected.
How can I fix CVE-2018-15494?
To fix CVE-2018-15494, update Dojo Toolkit to version 1.14.0 or newer.
Where can I find more information about CVE-2018-15494?
You can find more information about CVE-2018-15494 on the NIST National Vulnerability Database (NVD) at https://nvd.nist.gov/vuln/detail/CVE-2018-15494 and on the official Dojo Toolkit blog at https://dojotoolkit.org/blog/dojo-1-14-released.

collector/github-advisory-latest
alias/GHSA-84cm-x2q5-8225
alias/CVE-2018-15494
collector/github-advisory
collector/nvd-index
collector/nvd-cve
agent/author
agent/type
agent/first-publish-date
agent/last-modified-date
agent/severity
agent/weakness
agent/event
collector/ibm-support
source/IBM
agent/software-canonical-lookup
agent/references
agent/softwarecombine
agent/tags
agent/description
collector/mitre-cve
source/MITRE
package-manager/npm
vendor/dojotoolkit
canonical/dojotoolkit dojo
vendor/debian
canonical/debian debian linux
version/debian debian linux/8.0
vendor/ibm
canonical/ibm financial transaction manager for swift services for multiplatforms
version/ibm financial transaction manager for swift services for multiplatforms/3.0.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.