CVE-2018-6561: XSS
Published Feb 2, 2018
dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element.
Affected Software
3 affected components (fixes available)
npm/dijit <1.13.1 (fixed in 1.13.1)
Dojotoolkit Dojo =1.13.0
IBM Financial Transaction Manager for ACH Services and Check Services for Multi-Platform <=3.0.0.0 - 3.0.5.4 iFix 27
Event History
Feb 2, 2018, 03:00 PM: CVE Published (via MITRE)
Feb 2, 2018, 03:00 PM: Data Sourced (via MITRE): Description
May 14, 2022, 03:44 AM: Advisory Published
Feb 9, 2026, 12:00 AM: Data Sourced (via IBM): Description, Affected Software
Frequently Asked Questions
1. What is CVE-2018-6561?
CVE-2018-6561 is a vulnerability in dijit.Editor in Dojo Toolkit 1.13 that allows XSS (Cross-Site Scripting) attacks via the onload attribute of an SVG element.
2. How severe is CVE-2018-6561?
CVE-2018-6561 is rated 'medium' severity, with a severity score of 6.1.
3. What software is affected by CVE-2018-6561?
The affected software includes Dojo Toolkit 1.13.0 and the dijit npm package before 1.13.1, the version that carries the fix.
4. How can I fix CVE-2018-6561?
To fix CVE-2018-6561, upgrade to Dojo Toolkit 1.13.1 or a version above it.
5. What is the Common Weakness Enumeration (CWE) for CVE-2018-6561?
The CWE for CVE-2018-6561 is CWE-79, which represents Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').