In Dijit before versions 1.11.11, and greater than or equal to 1.12.0 and less than 1.12.9, and greater than or equal to 1.13.0 and less than 1.13.8, and greater than or equal to 1.14.0 and less than 1.14.7, and greater than or equal to 1.15.0 and less than 1.15.4, and greater than or equal to 1.16.0 and less than 1.16.3, there is a cross-site scripting vulnerability in the Editor's LinkDialog plugin. This has been fixed in 1.11.11, 1.12.9, 1.13.8, 1.14.7, 1.15.4, 1.16.3.
References
Link | Resource |
---|---|
https://github.com/dojo/dijit/commit/462bdcd60d0333315fe69ab4709c894d78f61301 | Patch Third Party Advisory |
https://github.com/dojo/dijit/security/advisories/GHSA-cxjc-r2fp-7mq6 | Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2023/01/msg00030.html | Mailing List Third Party Advisory |
https://security.netapp.com/advisory/ntap-20201023-0003/ | Third Party Advisory |
https://www.oracle.com/security-alerts/cpuoct2020.html | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
28 Feb 2023, 18:28
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:* |
|
First Time |
Netapp active Iq Unified Manager
Netapp oncommand Workflow Automation Debian Netapp Netapp oncommand Insight Debian debian Linux Netapp snapcenter |
|
CVSS |
v2 : v3 : |
v2 : 3.5
v3 : 5.4 |
References | (MISC) https://www.oracle.com/security-alerts/cpuoct2020.html - Patch, Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20201023-0003/ - Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2023/01/msg00030.html - Mailing List, Third Party Advisory |
29 Jan 2023, 13:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2020-06-15 22:15
Updated : 2023-12-10 13:27
NVD link : CVE-2020-4051
Mitre link : CVE-2020-4051
CVE.ORG link : CVE-2020-4051
JSON object : View
Products Affected
debian
- debian_linux
netapp
- active_iq_unified_manager
- oncommand_workflow_automation
- snapcenter
- oncommand_insight
openjsf
- dijit
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')