Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN4amMtcjJmcC03bXE2
Cross-site Scripting in dijit editor's LinkDialog plugin
Impact
Cross-site scripting (XSS) is possible for users of the Dijit Editor's LinkDialog plugin.
Patches
Yes. Fixed in 1.11.11, 1.12.9, 1.13.8, 1.14.7, 1.15.4, 1.16.3.
Workarounds
Users may apply the patch included in these releases.
For more information
If you have any questions or comments about this advisory, open an issue in dojo/dijit.
Permalink: https://github.com/advisories/GHSA-cxjc-r2fp-7mq6
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN4amMtcjJmcC03bXE2
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: almost 4 years ago
Updated: about 1 year ago
CVSS Score: 3.7
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
Identifiers: GHSA-cxjc-r2fp-7mq6, CVE-2020-4051
References:
- https://github.com/dojo/dijit/security/advisories/GHSA-cxjc-r2fp-7mq6
- https://github.com/dojo/dijit/commit/462bdcd60d0333315fe69ab4709c894d78f61301
- https://nvd.nist.gov/vuln/detail/CVE-2020-4051
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://security.netapp.com/advisory/ntap-20201023-0003/
- https://lists.debian.org/debian-lts-announce/2023/01/msg00030.html
- https://github.com/advisories/GHSA-cxjc-r2fp-7mq6
Blast Radius: 11.2
Affected Packages
npm:dijit
Dependent packages: 19
Dependent repositories: 1,065
Downloads: 13,302 last month
Affected Version Ranges: >= 1.16.0 < 1.16.3; >= 1.15.0 < 1.15.4; >= 1.14.0 < 1.14.7; >= 1.13.0 < 1.13.8; >= 1.12.0 < 1.12.9; < 1.11.11
Fixed in: 1.16.3, 1.15.4, 1.14.7, 1.13.8, 1.12.9, 1.11.11
All affected versions: 1.6.4, 1.6.5, 1.7.11, 1.7.12, 1.8.13, 1.8.14, 1.9.8, 1.9.9, 1.9.10, 1.9.11, 1.10.0, 1.10.1, 1.10.2, 1.10.3, 1.10.4, 1.10.7, 1.11.0, 1.11.1, 1.11.2, 1.11.3, 1.11.4, 1.11.5, 1.11.6, 1.11.7, 1.11.8, 1.11.9, 1.11.10, 1.12.1, 1.12.2, 1.12.3, 1.12.4, 1.12.5, 1.12.6, 1.12.7, 1.12.8, 1.13.0, 1.13.1, 1.13.2, 1.13.3, 1.13.4, 1.13.5, 1.13.6, 1.13.7, 1.14.0, 1.14.1, 1.14.2, 1.14.3, 1.14.4, 1.14.5, 1.14.6, 1.15.0, 1.15.1, 1.15.2, 1.15.3, 1.16.0, 1.16.1, 1.16.2
All unaffected versions: 1.11.11, 1.11.12, 1.11.13, 1.12.9, 1.12.10, 1.12.11, 1.13.8, 1.13.9, 1.13.10, 1.14.7, 1.14.8, 1.14.9, 1.15.4, 1.15.5, 1.15.6, 1.16.3, 1.16.4, 1.16.5, 1.17.0, 1.17.1, 1.17.2, 1.17.3