Published: 13/02/2020 Updated: 21/11/2024

dojox is vulnerable to Cross-site Scripting in all versions before version 1.16.1, 1.15.2, 1.14.5, 1.13.6, 1.12.7 and 1.11.9. This is due to dojox.xmpp.util.xmlEncode only encoding the first occurrence of each character, not all of them.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linuxfoundation dojox
debian debian linux 8.0

Debian Bug report logs - #952771 dojo: CVE-2019-10785 Package: src:dojo; Maintainer for src:dojo is Debian Javascript Maintainers <pkg-javascript-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 28 Feb 2020 21:51:01 UTC Severity: important Tags: security, upstream Foun ...

CWE-79 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952771 https://nvd.nist.gov https://www.first.org/epss https://github.com/dojo/dojox/security/advisories/GHSA-pg97-ww7h-5mjr https://lists.debian.org/debian-lts-announce/2020/02/msg00033.html https://snyk.io/vuln/SNYK-JS-DOJOX-548257%2C https://github.com/dojo/dojox/security/advisories/GHSA-pg97-ww7h-5mjr https://lists.debian.org/debian-lts-announce/2020/02/msg00033.html https://snyk.io/vuln/SNYK-JS-DOJOX-548257%2C

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-10785

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect