CVE-2020-4051
LOW
Dijit < 1.11.11, 1.12.0-1.12.8, 1.13.0-1.13.7, 1.14.0-1.14.6, 1.15.0-1.15.3, 1.16.0-1.16.2 - XSS in Editor LinkDialog
In Dijit before version 1.11.11, and in versions from 1.12.0 up to but not including 1.12.9, from 1.13.0 up to but not including 1.13.8, from 1.14.0 up to but not including 1.14.7, from 1.15.0 up to but not including 1.15.4, and from 1.16.0 up to but not including 1.16.3, there is a cross-site scripting vulnerability in the Editor's LinkDialog plugin. This has been fixed in 1.11.11, 1.12.9, 1.13.8, 1.14.7, 1.15.4, and 1.16.3.
References (5)
Mailing List, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/01/msg00030.html
Patch, Third Party Advisory
https://github.com/dojo/dijit/commit/462bdcd60d0333315fe69ab4709c894d78f61301
Third Party Advisory
https://github.com/dojo/dijit/security/advisories/GHSA-cxjc-r2fp-7mq6
Third Party Advisory
https://security.netapp.com/advisory/ntap-20201023-0003/
Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html
Scores
CVSS v3
3.7
EPSS
0.0023
EPSS Percentile
45.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (7)
debian/debian_linux
10.0
netapp/active_iq_unified_manager
(2 CPE variants)
netapp/oncommand_insight
netapp/oncommand_workflow_automation
netapp/snapcenter
npm/dijit
0 - 1.11.11 (npm)
openjsf/dijit
< 1.11.11
Published
Jun 15, 2020
Tracked Since
Feb 18, 2026