CVE-2018-1000665

Name: CVE-2018-1000665
Creator: NVD / NIST
Published: 2018-09-06T17:29:01.597+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.29%

Last modified Jun 17, 2026

CVE-2018-1000665 is a vulnerability of currently unknown severity. Dojo Dojo Objective Harness (DOH) version prior to version 1.14 contains a Cross Site Scripting (XSS) vulnerability in unit.html and testsDOH/_base/loader/i18n-exhaustive/i18n-test/unit.html and testsDOH/_base/i18nExhaustive.js in the DOH that can result in Victim attacked through their browser - deliver malware, steal HTTP cookies, bypass CORS trust. This attack appear to be exploitable via Victims are typically lured to a web site under the attacker's control; the XSS vulnerability on the target domain is silently exploited without the victim's knowledge. EPSS estimates a 1.29% chance of exploitation in the next 30 days.

Description

Dojo Dojo Objective Harness (DOH) version prior to version 1.14 contains a Cross Site Scripting (XSS) vulnerability in unit.html and testsDOH/_base/loader/i18n-exhaustive/i18n-test/unit.html and testsDOH/_base/i18nExhaustive.js in the DOH that can result in Victim attacked through their browser - deliver malware, steal HTTP cookies, bypass CORS trust. This attack appear to be exploitable via Victims are typically lured to a web site under the attacker's control; the XSS vulnerability on the target domain is silently exploited without the victim's knowledge. This vulnerability appears to have been fixed in 1.14.

Metrics

EPSS Probability

1.29%

66.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-79

Affected Software

Vendor	Product	Versions
Dojotoolkit	Dojo	<= 1.13.0

References

https://dojotoolkit.org/blog/dojo-1-14-releasedPatch, Release Notes, Vendor Advisory
https://github.com/dojo/dojo/pull/307Third Party Advisory
https://dojotoolkit.org/blog/dojo-1-14-releasedPatch, Release Notes, Vendor Advisory
https://github.com/dojo/dojo/pull/307Third Party Advisory

Timeline

Published: Sep 6, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-1000665?

How severe is CVE-2018-1000665?

Severity scoring for CVE-2018-1000665 is pending analysis. The EPSS model estimates a 1.29% probability of exploitation in the next 30 days.

How do I fix CVE-2018-1000665?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-1000665?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST