Description
In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid.
Remediation
References
https://github.com/dojo/dojox/pull/283
https://dojotoolkit.org/blog/dojo-1-14-released
https://lists.debian.org/debian-lts-announce/2018/09/msg00002.html
Related Vulnerabilities
CVE-2021-41249 Vulnerability in npm package graphql-playground-react
CVE-2021-4133 Vulnerability in maven package org.keycloak:keycloak-services
CVE-2020-28437 Vulnerability in npm package heroku-env
CVE-2021-28170 Vulnerability in maven package org.glassfish:jakarta.el
CVE-2020-6950 Vulnerability in maven package org.glassfish:jakarta.faces