Advisories for Npm/Dijit package

2022

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element.

2020

In Dijit there is a cross-site scripting vulnerability in the Editor's LinkDialog plugin.