GHSA-CXJC-R2FP-7MQ6
Vulnerability from github – Published: 2020-06-15 21:53 – Updated: 2023-03-01 01:09
Summary
Cross-site Scripting in dijit editor's LinkDialog plugin
Details
Impact
XSS possible for users of the Dijit Editor's LinkDialog plugin
Patches
Yes, 1.11.11, 1.12.9, 1.13.8, 1.14.7, 1.15.4, 1.16.3
Workarounds
Users may apply the patch made in these releases.
For more information
If you have any questions or comments about this advisory, open an issue in dojo/dijit
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "dijit"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.11.11"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "dijit"
},
"ranges": [
{
"events": [
{
"introduced": "1.12.0"
},
{
"fixed": "1.12.9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "dijit"
},
"ranges": [
{
"events": [
{
"introduced": "1.13.0"
},
{
"fixed": "1.13.8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "dijit"
},
"ranges": [
{
"events": [
{
"introduced": "1.14.0"
},
{
"fixed": "1.14.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "dijit"
},
"ranges": [
{
"events": [
{
"introduced": "1.15.0"
},
{
"fixed": "1.15.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "dijit"
},
"ranges": [
{
"events": [
{
"introduced": "1.16.0"
},
{
"fixed": "1.16.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-4051"
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-15T21:52:48Z",
"nvd_published_at": "2020-06-15T22:15:00Z",
"severity": "LOW"
},
"details": "### Impact\nXSS possible for users of the Dijit Editor\u0027s LinkDialog plugin\n\n### Patches\nYes, 1.11.11, 1.12.9, 1.13.8, 1.14.7, 1.15.4, 1.16.3\n\n### Workarounds\nUsers may apply the patch made in these releases.\n\n\n### For more information\nIf you have any questions or comments about this advisory, open an issue in [dojo/dijit](https://github.com/dojo/dijit/)",
"id": "GHSA-cxjc-r2fp-7mq6",
"modified": "2023-03-01T01:09:25Z",
"published": "2020-06-15T21:53:12Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/dojo/dijit/security/advisories/GHSA-cxjc-r2fp-7mq6"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-4051"
},
{
"type": "WEB",
"url": "https://github.com/dojo/dijit/commit/462bdcd60d0333315fe69ab4709c894d78f61301"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00030.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20201023-0003"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Cross-site Scripting in dijit editor\u0027s LinkDialog plugin "
}