
CVE-2020-4051 dijit

Package

Manager: npm
Name: dijit
Vulnerable Version: >=0 <1.11.11 || >=1.12.0 <1.12.9 || >=1.13.0 <1.13.8 || >=1.14.0 <1.14.7 || >=1.15.0 <1.15.4 || >=1.16.0 <1.16.3

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00169 (percentile 0.38513)

Details

Cross-site Scripting in dijit editor's LinkDialog plugin

### Impact

XSS possible for users of the Dijit Editor's LinkDialog plugin

### Patches

Yes, 1.11.11, 1.12.9, 1.13.8, 1.14.7, 1.15.4, 1.16.3

### Workarounds

Users may apply the patch made in these releases.

### For more information

If you have any questions or comments about this advisory, open an issue in [dojo/dijit](https://github.com/dojo/dijit/)

Metadata

Created: 2020-06-15T21:53:12Z
Modified: 2023-03-01T01:09:25Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/06/GHSA-cxjc-r2fp-7mq6/GHSA-cxjc-r2fp-7mq6.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-cxjc-r2fp-7mq6
Finding: F008
Auto approve: 1