CVE-2019-10785
Last modified
CVE-2019-10785 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. dojox is vulnerable to Cross-site Scripting in all versions before version 1.16.1, 1.15.2, 1.14.5, 1.13.6, 1.12.7 and 1.11.9. This is due to dojox.xmpp.util.xmlEncode only encoding the first occurrence of each character, not all of them.. EPSS estimates a 1.81% chance of exploitation in the next 30 days.
Description
dojox is vulnerable to Cross-site Scripting in all versions before version 1.16.1, 1.15.2, 1.14.5, 1.13.6, 1.12.7 and 1.11.9. This is due to dojox.xmpp.util.xmlEncode only encoding the first occurrence of each character, not all of them.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Linuxfoundation | Dojox | >= 1.11.0, < 1.11.9 |
| Linuxfoundation | Dojox | >= 1.12.0, < 1.12.7 |
| Linuxfoundation | Dojox | >= 1.13.0, < 1.13.6 |
| Linuxfoundation | Dojox | >= 1.14.0, < 1.14.5 |
| Linuxfoundation | Dojox | >= 1.15.0, < 1.15.2 |
| Linuxfoundation | Dojox | >= 1.16.0, < 1.16.1 |
| Debian | Debian Linux | 8.0 |
References
- https://github.com/dojo/dojox/security/advisories/GHSA-pg97-ww7h-5mjrExploit, Third Party Advisory
- https://lists.debian.org/debian-lts-announce/2020/02/msg00033.htmlMailing List, Third Party Advisory
- https://github.com/dojo/dojox/security/advisories/GHSA-pg97-ww7h-5mjrExploit, Third Party Advisory
- https://lists.debian.org/debian-lts-announce/2020/02/msg00033.htmlMailing List, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-10785?
How severe is CVE-2019-10785?
How do I fix CVE-2019-10785?
Are you affected by CVE-2019-10785?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST