Allele Security Alert
Cross-Site Scripting (XSS) vulnerability in Dojo Toolkit
IBM Planning Analytics
IBM Planning Analytics versions 2.0, 2.0.1, 2.0.2 ,2.0.3, 2.0.4, 2.0.5 and 2.0.6
IBM Planning Analytics version 2.0.7
Proof of concept
Dojo Toolkit is vulnerable to Cross-Site Scripting (XSS), caused by improper validation of user-supplied input by the DataGrid component. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
Security Bulletin: Multiple vulnerabilities affect IBM Planning Analytics
Dojo Toolkit DataGrid component cross-site scripting
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: May 3, 2019