Description

In Dijit before versions 1.11.11, and greater than or equal to 1.12.0 and less than 1.12.9, and greater than or equal to 1.13.0 and less than 1.13.8, and greater than or equal to 1.14.0 and less than 1.14.7, and greater than or equal to 1.15.0 and less than 1.15.4, and greater than or equal to 1.16.0 and less than 1.16.3, there is a cross-site scripting vulnerability in the Editor's LinkDialog plugin. This has been fixed in 1.11.11, 1.12.9, 1.13.8, 1.14.7, 1.15.4, 1.16.3.

Remediation

References

https://github.com/dojo/dijit/commit/462bdcd60d0333315fe69ab4709c894d78f61301

https://github.com/dojo/dijit/security/advisories/GHSA-cxjc-r2fp-7mq6

https://lists.debian.org/debian-lts-announce/2023/01/msg00030.html

https://security.netapp.com/advisory/ntap-20201023-0003/

https://www.oracle.com/security-alerts/cpuoct2020.html

Related Vulnerabilities

CVE-2023-37277 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-war

CVE-2021-23346 Vulnerability in npm package html-parse-stringify

CVE-2021-43116 Vulnerability in maven package com.alibaba.nacos:nacos-client

CVE-2021-25930 Vulnerability in maven package org.opennms:opennms-webapp

CVE-2022-43421 Vulnerability in maven package org.jenkins-ci.plugins:tuleap-git-branch-source

Severity

Medium

Classification

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Patch Third Party Advisory Mailing List NVD-CWE-noinfo