CVE-2018-1000665: Cross-site Scripting

September 6, 2018 (updated November 7, 2018)

Dojo Objective Harness (DOH) contains a Cross Site Scripting (XSS) vulnerability that can result in a victim being attacked through their browser, deliver malware, steal HTTP cookies, or bypass CORS trust. This attack appear to be exploitable when victims are lured to a website under the attacker’s control; the XSS vulnerability on the target domain is silently exploited without the victim’s knowledge.

References

dojotoolkit.org/blog/dojo-1-14-released
nvd.nist.gov/vuln/detail/CVE-2018-1000665

Code Behaviors & Features

Detect and mitigate CVE-2018-1000665 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →