← back
CVE-2020-4051

XSS in Dijit Editor's LinkDialog plugin

CVSS 3.7 LOWEPSS 1.2%CWE-79
Vexday Risk Score
8Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 3.7EPSS 1.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
15 Jun 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In Dijit before versions 1.11.11, and greater than or equal to 1.12.0 and less than 1.12.9, and greater than or equal to 1.13.0 and less than 1.13.8, and greater than or equal to 1.14.0 and less than 1.14.7, and greater than or equal to 1.15.0 and less than 1.15.4, and greater than or equal to 1.16.0 and less than 1.16.3, there is a cross-site scripting vulnerability in the Editor's LinkDialog plugin. This has been fixed in 1.11.11, 1.12.9, 1.13.8, 1.14.7, 1.15.4, 1.16.3.
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
Affected products
Dojo · dijit

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/dojo/dijit/commit/462bdcd60d0333315fe69ab4709c894d78f61301https://github.com/dojo/dijit/security/advisories/GHSA-cxjc-r2fp-7mq6https://lists.debian.org/debian-lts-announce/2023/01/msg00030.htmlhttps://security.netapp.com/advisory/ntap-20201023-0003/https://www.oracle.com/security-alerts/cpuoct2020.html