CVE-2020-4051

XSS in Dijit Editor's LinkDialog plugin

CVSS 3.7 LOWEPSS 1.2%CWE-79

In Dijit before versions 1.11.11, and greater than or equal to 1.12.0 and less than 1.12.9, and greater than or equal to 1.13.0 and less than 1.13.8, and greater than or equal to 1.14.0 and less than 1.14.7, and greater than or equal to 1.15.0 and less than 1.15.4, and greater than or equal to 1.16.0 and less than 1.16.3, there is a cross-site scripting vulnerability in the Editor's LinkDialog plugin. This has been fixed in 1.11.11, 1.12.9, 1.13.8, 1.14.7, 1.15.4, 1.16.3.

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N

Productos afectados

Dojo · dijit

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/dojo/dijit/commit/462bdcd60d0333315fe69ab4709c894d78f61301 https://github.com/dojo/dijit/security/advisories/GHSA-cxjc-r2fp-7mq6 https://lists.debian.org/debian-lts-announce/2023/01/msg00030.html https://security.netapp.com/advisory/ntap-20201023-0003/https://www.oracle.com/security-alerts/cpuoct2020.html