Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for dijit by openjsf
CVE-2020-4051 (GCVE-0-2020-4051)
Vulnerability from cvelistv5 – Published: 2020-06-15 00:00 – Updated: 2024-08-04 07:52
VLAI
Title
XSS in Dijit Editor's LinkDialog plugin
Summary
In Dijit before versions 1.11.11, and greater than or equal to 1.12.0 and less than 1.12.9, and greater than or equal to 1.13.0 and less than 1.13.8, and greater than or equal to 1.14.0 and less than 1.14.7, and greater than or equal to 1.15.0 and less than 1.15.4, and greater than or equal to 1.16.0 and less than 1.16.3, there is a cross-site scripting vulnerability in the Editor's LinkDialog plugin. This has been fixed in 1.11.11, 1.12.9, 1.13.8, 1.14.7, 1.15.4, 1.16.3.
Severity
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.806Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/dojo/dijit/security/advisories/GHSA-cxjc-r2fp-7mq6"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/dojo/dijit/commit/462bdcd60d0333315fe69ab4709c894d78f61301"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20201023-0003/"
},
{
"name": "[debian-lts-announce] 20230129 [SECURITY] [DLA 3289-1] dojo security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00030.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "dijit",
"vendor": "Dojo",
"versions": [
{
"status": "affected",
"version": "\u003c 1.11.11"
},
{
"status": "affected",
"version": "\u003e= 1.12.0, \u003c 1.12.9"
},
{
"status": "affected",
"version": "\u003e= 1.13.0, \u003c 1.13.8"
},
{
"status": "affected",
"version": "\u003e= 1.14.0, \u003c 1.14.7"
},
{
"status": "affected",
"version": "\u003e= 1.15.0, \u003c 1.15.4"
},
{
"status": "affected",
"version": "\u003e= 1.16.0, \u003c 1.16.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Dijit before versions 1.11.11, and greater than or equal to 1.12.0 and less than 1.12.9, and greater than or equal to 1.13.0 and less than 1.13.8, and greater than or equal to 1.14.0 and less than 1.14.7, and greater than or equal to 1.15.0 and less than 1.15.4, and greater than or equal to 1.16.0 and less than 1.16.3, there is a cross-site scripting vulnerability in the Editor\u0027s LinkDialog plugin. This has been fixed in 1.11.11, 1.12.9, 1.13.8, 1.14.7, 1.15.4, 1.16.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-29T00:00:00.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/dojo/dijit/security/advisories/GHSA-cxjc-r2fp-7mq6"
},
{
"url": "https://github.com/dojo/dijit/commit/462bdcd60d0333315fe69ab4709c894d78f61301"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20201023-0003/"
},
{
"name": "[debian-lts-announce] 20230129 [SECURITY] [DLA 3289-1] dojo security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00030.html"
}
],
"source": {
"advisory": "GHSA-cxjc-r2fp-7mq6",
"discovery": "UNKNOWN"
},
"title": "XSS in Dijit Editor\u0027s LinkDialog plugin"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-4051",
"datePublished": "2020-06-15T00:00:00.000Z",
"dateReserved": "2019-12-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T07:52:20.806Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4051 (GCVE-0-2020-4051)
Vulnerability from nvd – Published: 2020-06-15 00:00 – Updated: 2024-08-04 07:52
VLAI
Title
XSS in Dijit Editor's LinkDialog plugin
Summary
In Dijit before versions 1.11.11, and greater than or equal to 1.12.0 and less than 1.12.9, and greater than or equal to 1.13.0 and less than 1.13.8, and greater than or equal to 1.14.0 and less than 1.14.7, and greater than or equal to 1.15.0 and less than 1.15.4, and greater than or equal to 1.16.0 and less than 1.16.3, there is a cross-site scripting vulnerability in the Editor's LinkDialog plugin. This has been fixed in 1.11.11, 1.12.9, 1.13.8, 1.14.7, 1.15.4, 1.16.3.
Severity
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.806Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/dojo/dijit/security/advisories/GHSA-cxjc-r2fp-7mq6"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/dojo/dijit/commit/462bdcd60d0333315fe69ab4709c894d78f61301"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20201023-0003/"
},
{
"name": "[debian-lts-announce] 20230129 [SECURITY] [DLA 3289-1] dojo security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00030.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "dijit",
"vendor": "Dojo",
"versions": [
{
"status": "affected",
"version": "\u003c 1.11.11"
},
{
"status": "affected",
"version": "\u003e= 1.12.0, \u003c 1.12.9"
},
{
"status": "affected",
"version": "\u003e= 1.13.0, \u003c 1.13.8"
},
{
"status": "affected",
"version": "\u003e= 1.14.0, \u003c 1.14.7"
},
{
"status": "affected",
"version": "\u003e= 1.15.0, \u003c 1.15.4"
},
{
"status": "affected",
"version": "\u003e= 1.16.0, \u003c 1.16.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Dijit before versions 1.11.11, and greater than or equal to 1.12.0 and less than 1.12.9, and greater than or equal to 1.13.0 and less than 1.13.8, and greater than or equal to 1.14.0 and less than 1.14.7, and greater than or equal to 1.15.0 and less than 1.15.4, and greater than or equal to 1.16.0 and less than 1.16.3, there is a cross-site scripting vulnerability in the Editor\u0027s LinkDialog plugin. This has been fixed in 1.11.11, 1.12.9, 1.13.8, 1.14.7, 1.15.4, 1.16.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-29T00:00:00.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/dojo/dijit/security/advisories/GHSA-cxjc-r2fp-7mq6"
},
{
"url": "https://github.com/dojo/dijit/commit/462bdcd60d0333315fe69ab4709c894d78f61301"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20201023-0003/"
},
{
"name": "[debian-lts-announce] 20230129 [SECURITY] [DLA 3289-1] dojo security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00030.html"
}
],
"source": {
"advisory": "GHSA-cxjc-r2fp-7mq6",
"discovery": "UNKNOWN"
},
"title": "XSS in Dijit Editor\u0027s LinkDialog plugin"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-4051",
"datePublished": "2020-06-15T00:00:00.000Z",
"dateReserved": "2019-12-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T07:52:20.806Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}