CVE-2020-4051

Summary

In Dijit before versions 1.11.11, and greater than or equal to 1.12.0 and less than 1.12.9, and greater than or equal to 1.13.0 and less than 1.13.8, and greater than or equal to 1.14.0 and less than 1.14.7, and greater than or equal to 1.15.0 and less than 1.15.4, and greater than or equal to 1.16.0 and less than 1.16.3, there is a cross-site scripting vulnerability in the Editor's LinkDialog plugin. This has been fixed in 1.11.11, 1.12.9, 1.13.8, 1.14.7, 1.15.4, 1.16.3.

Affected Software

VendorProductVersion RangeStatus
Dojodijit< 1.11.11affected
Dojodijit>= 1.12.0, < 1.12.9affected
Dojodijit>= 1.13.0, < 1.13.8affected
Dojodijit>= 1.14.0, < 1.14.7affected
Dojodijit>= 1.15.0, < 1.15.4affected
Dojodijit>= 1.16.0, < 1.16.3affected

Weaknesses

  • CWE-79: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CVE Program Container

Additional References

References