CVE-2015-5654

Name of the Vulnerable Software and Affected Versions Dojo Toolkit versions prior to 1.2.0

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML. The package fails to sanitize HTML code in user-controlled input, allowing attackers to execute arbitrary JavaScript in the victim's browser.

Recommendations Upgrade to version 1.2.0 or later.