Description

In Dijit before versions 1.11.11, and greater than or equal to 1.12.0 and less than 1.12.9, and greater than or equal to 1.13.0 and less than 1.13.8, and greater than or equal to 1.14.0 and less than 1.14.7, and greater than or equal to 1.15.0 and less than 1.15.4, and greater than or equal to 1.16.0 and less than 1.16.3, there is a cross-site scripting vulnerability in the Editor's LinkDialog plugin. This has been fixed in 1.11.11, 1.12.9, 1.13.8, 1.14.7, 1.15.4, 1.16.3.

Remediation

References

https://github.com/dojo/dijit/commit/462bdcd60d0333315fe69ab4709c894d78f61301

https://github.com/dojo/dijit/security/advisories/GHSA-cxjc-r2fp-7mq6

https://lists.debian.org/debian-lts-announce/2023/01/msg00030.html

https://security.netapp.com/advisory/ntap-20201023-0003/

https://www.oracle.com/security-alerts/cpuoct2020.html

Related Vulnerabilities

CVE-2023-49299 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler-master

CVE-2022-0639 Vulnerability in npm package url-parse

CVE-2022-41918 Vulnerability in maven package org.opensearch.plugin:opensearch-security

CVE-2012-6612 Vulnerability in maven package org.apache.solr:solr-core

CVE-2021-27515 Vulnerability in npm package url-parse

Severity

Medium

Classification

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Patch Third Party Advisory Mailing List NVD-CWE-noinfo