Description
In Dijit before versions 1.11.11, and greater than or equal to 1.12.0 and less than 1.12.9, and greater than or equal to 1.13.0 and less than 1.13.8, and greater than or equal to 1.14.0 and less than 1.14.7, and greater than or equal to 1.15.0 and less than 1.15.4, and greater than or equal to 1.16.0 and less than 1.16.3, there is a cross-site scripting vulnerability in the Editor's LinkDialog plugin. This has been fixed in 1.11.11, 1.12.9, 1.13.8, 1.14.7, 1.15.4, 1.16.3.
Remediation
References
https://github.com/dojo/dijit/commit/462bdcd60d0333315fe69ab4709c894d78f61301
https://github.com/dojo/dijit/security/advisories/GHSA-cxjc-r2fp-7mq6
https://www.oracle.com/security-alerts/cpuoct2020.html
https://security.netapp.com/advisory/ntap-20201023-0003/
https://lists.debian.org/debian-lts-announce/2023/01/msg00030.html
Related Vulnerabilities
CVE-2021-41164 Vulnerability in maven package org.webjars.bowergithub.ckeditor:ckeditor4
CVE-2020-26272 Vulnerability in npm package electron
CVE-2022-23539 Vulnerability in maven package org.webjars.npm:jsonwebtoken
CVE-2022-32065 Vulnerability in maven package com.ruoyi:ruoyi
CVE-2023-37263 Vulnerability in npm package @strapi/plugin-content-manager