Description

In Dijit before versions 1.11.11, and greater than or equal to 1.12.0 and less than 1.12.9, and greater than or equal to 1.13.0 and less than 1.13.8, and greater than or equal to 1.14.0 and less than 1.14.7, and greater than or equal to 1.15.0 and less than 1.15.4, and greater than or equal to 1.16.0 and less than 1.16.3, there is a cross-site scripting vulnerability in the Editor's LinkDialog plugin. This has been fixed in 1.11.11, 1.12.9, 1.13.8, 1.14.7, 1.15.4, 1.16.3.

Remediation

References

https://github.com/dojo/dijit/commit/462bdcd60d0333315fe69ab4709c894d78f61301

https://github.com/dojo/dijit/security/advisories/GHSA-cxjc-r2fp-7mq6

https://lists.debian.org/debian-lts-announce/2023/01/msg00030.html

https://security.netapp.com/advisory/ntap-20201023-0003/

https://www.oracle.com/security-alerts/cpuoct2020.html

Related Vulnerabilities

CVE-2023-35925 Vulnerability in maven package com.fastasyncworldedit:fastasyncworldedit-core

CVE-2020-28458 Vulnerability in maven package org.webjars.npm:datatables.net

CVE-2023-33510 Vulnerability in maven package org.jeecgframework.p3:jeecg-p3-biz-chat

CVE-2022-0401 Vulnerability in npm package w-zip

CVE-2020-7600 Vulnerability in npm package querymen

Severity

Medium

Classification

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Patch Third Party Advisory Mailing List NVD-CWE-noinfo