CVE-2020-4051

XSS in Dijit Editor's LinkDialog plugin

CVSS 3.7 LOWEPSS 1.2%CWE-79

Vexday Risk Score

8Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 3.7EPSS 1.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

15 jun 2020Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

In Dijit before versions 1.11.11, and greater than or equal to 1.12.0 and less than 1.12.9, and greater than or equal to 1.13.0 and less than 1.13.8, and greater than or equal to 1.14.0 and less than 1.14.7, and greater than or equal to 1.15.0 and less than 1.15.4, and greater than or equal to 1.16.0 and less than 1.16.3, there is a cross-site scripting vulnerability in the Editor's LinkDialog plugin. This has been fixed in 1.11.11, 1.12.9, 1.13.8, 1.14.7, 1.15.4, 1.16.3.

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N

Produtos afetados

Dojo · dijit

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/dojo/dijit/commit/462bdcd60d0333315fe69ab4709c894d78f61301 https://github.com/dojo/dijit/security/advisories/GHSA-cxjc-r2fp-7mq6 https://lists.debian.org/debian-lts-announce/2023/01/msg00030.html https://security.netapp.com/advisory/ntap-20201023-0003/https://www.oracle.com/security-alerts/cpuoct2020.html