LOW 3.7 npm
Cross-site Scripting in dijit editor's LinkDialog plugin
GHSA-cxjc-r2fp-7mq6 · CVE-2020-4051
Published · Modified
Description
Impact
XSS possible for users of the Dijit Editor's LinkDialog plugin
Patches
Yes, 1.11.11, 1.12.9, 1.13.8, 1.14.7, 1.15.4, 1.16.3
Workarounds
Users may apply the patch made in these releases.
For more information
If you have any questions or comments about this advisory, open an issue in dojo/dijit
References
- WEB https://github.com/dojo/dijit/security/advisories/GHSA-cxjc-r2fp-7mq6
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2020-4051
- WEB https://github.com/dojo/dijit/commit/462bdcd60d0333315fe69ab4709c894d78f61301
- WEB https://lists.debian.org/debian-lts-announce/2023/01/msg00030.html
- WEB https://security.netapp.com/advisory/ntap-20201023-0003
- WEB https://www.oracle.com/security-alerts/cpuoct2020.html
Ready to move
Start Securing
Free, no credit card | First findings in minutes