CVE-2019-10785
Summary
| CVE | CVE-2019-10785 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-02-13 17:15:00 UTC |
| Updated | 2023-11-07 03:02:00 UTC |
| Description | dojox is vulnerable to Cross-site Scripting in all versions before version 1.16.1, 1.15.2, 1.14.5, 1.13.6, 1.12.7 and 1.11.9. This is due to dojox.xmpp.util.xmlEncode only encoding the first occurrence of each character, not all of them. |
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [SECURITY] [DLA 2127-1] dojo security update | MLIST | lists.debian.org | Mailing List, Third Party Advisory |
| Page not found \| Snyk | | snyk.io | |
| XSS due to insufficient escape in dojox.xmpp.util.xmlEncode · Advisory · dojo/dojox · GitHub | MISC | github.com | Exploit, Third Party Advisory |
| Invalid vulnerability | MISC | snyk.io | Broken Link |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 981589 Nodejs (npm) Security Update for dojox (GHSA-pg97-ww7h-5mjr)