PT-2018-9517 · Dojo · Doh
Bryanforbes · Published 2018-09-06 · Updated 2022-05-14
CVE-2018-1000665
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Dojo Objective Harness (DOH), the test harness shipped with the Dojo Toolkit, versions prior to 1.14
Description
The issue is a cross-site scripting (XSS) vulnerability in the test-harness pages unit.html, testsDOH/_base/loader/i18n-exhaustive/i18n-test/unit.html and testsDOH/_base/i18nExhaustive.js. Attacker-chosen script runs in the victim's browser within the origin that serves these files, which can be used for malware delivery, theft of HTTP cookies and other session material, and requests made with the victim's credentials from inside the trusted origin, defeating the protection that CORS and the same-origin policy would otherwise provide (cookies marked HttpOnly cannot be read directly, but they are still sent with such requests). The attack requires user interaction (UI:R in the vector): the victim is lured to a website under the attacker's control, or follows a crafted link, that loads the vulnerable page with a malicious parameter, and the payload executes silently without the victim's knowledge. Because DOH is test tooling rather than application code, the exposure exists wherever these pages have been deployed on a reachable web server.
Recommendations
For versions prior to 1.14, update to version 1.14 or later. Until the update is deployed, block access to the affected files unit.html, testsDOH/_base/loader/i18n-exhaustive/i18n-test/unit.html and testsDOH/_base/i18nExhaustive.js at the web server or reverse proxy, or remove them from the deployed tree altogether; a test harness has no reason to be served on a production site. Verify the fix or workaround by requesting each path and confirming that the server no longer returns the file.
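The following block is an added illustration, not code from the DOH project or from the advisory author. It shows the reflected XSS pattern described in the Description above as it appears in a test-harness page, the hardened form of the same code, and a request-path filter that implements the workaround given in the Recommendations. The query-parameter name testModule, the function names and the deployment prefix /js/dojo/util/doh/ are assumptions made for the example; the three file paths are the ones listed in this advisory.

```javascript
// Added example for this advisory (not DOH's own code): the reflected-XSS
// pattern behind this class of bug in a test-harness page, its hardened
// form, and a request-path filter implementing the advisory's workaround of
// blocking the affected files. The parameter name "testModule", the
// function names and the deployment prefix "/js/dojo/util/doh/" are
// assumptions made for illustration, not taken from the DOH source.

function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// Vulnerable pattern: a query parameter is echoed into markup that the page
// then assigns to innerHTML. Whoever controls the URL controls script in the
// page's origin, which is exactly the "lure the victim to a link" scenario.
function renderTestHeaderUnsafe(search) {
  const mod = new URLSearchParams(search).get('testModule') || '';
  return '<h1>Running ' + mod + '</h1>';
}

// Hardened form: allow only the characters a module id can legitimately
// contain, then HTML-escape before interpolation (in a real page, prefer
// textContent over innerHTML so that no escaping step can be forgotten).
const MODULE_ID = /^[A-Za-z0-9_./-]{1,200}$/;
function renderTestHeaderSafe(search) {
  const mod = new URLSearchParams(search).get('testModule') || '';
  if (!MODULE_ID.test(mod)) {
    return '<h1>Invalid test module</h1>';
  }
  return '<h1>Running ' + escapeHtml(mod) + '</h1>';
}

// Workaround: refuse to serve the affected files at all. The file paths are
// the ones named in the advisory, relative to an assumed deployment prefix.
const DOH_BASE = '/js/dojo/util/doh/';
const DOH_TEST_FILES = [
  'unit.html',
  'testsDOH/_base/loader/i18n-exhaustive/i18n-test/unit.html',
  'testsDOH/_base/i18nExhaustive.js',
];

// Returns true when a request path (as received, possibly percent-encoded)
// resolves to one of the blocked files. It decodes, collapses repeated
// slashes or backslashes and resolves "." / ".." segments first, so that
// encoded or traversal-style spellings of the same file cannot bypass it.
function isBlockedDohPath(rawPath) {
  let decoded;
  try {
    decoded = decodeURIComponent(rawPath);
  } catch (e) {
    return true; // malformed percent-encoding: fail closed
  }
  const collapsed = decoded.replace(/[\\/]+/g, '/');
  // The URL parser resolves dot segments and drops any ?query or #fragment.
  const resolved = new URL(collapsed, 'http://localhost').pathname;
  const blocked = DOH_TEST_FILES.map((f) => (DOH_BASE + f).toLowerCase());
  return blocked.includes(resolved.toLowerCase());
}

// Stand-alone demonstration with a constructed payload.
const payload = '?testModule=<img src=x onerror=alert(1)>';
console.log('unsafe: ', renderTestHeaderUnsafe(payload));
console.log('safe:   ', renderTestHeaderSafe(payload));
console.log('blocked:', isBlockedDohPath('/js/dojo/util/doh/testsDOH/%2e%2e/unit.html'));
```

Run it with node. The filter is the kind of check to place in a reverse proxy or application middleware until 1.14 is deployed, and the same path list doubles as the verification step from the Recommendations: after the block is in place, each listed path should come back as 404 or 403.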
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Doh