Описание
dojox is vulnerable to Cross-site Scripting in all versions before version 1.16.1, 1.15.2, 1.14.5, 1.13.6, 1.12.7 and 1.11.9. This is due to dojox.xmpp.util.xmlEncode only encoding the first occurrence of each character, not all of them.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| dojo | fixed | 1.15.2+dfsg1-1 | package | |
| dojo | fixed | 1.14.2+dfsg1-1+deb10u1 | buster | package |
Примечания
https://github.com/dojo/dojox/security/advisories/GHSA-pg97-ww7h-5mjr
https://snyk.io/vuln/SNYK-JS-DOJOX-548257
https://github.com/dojo/dojox/pull/315
Связанные уязвимости
dojox is vulnerable to Cross-site Scripting in all versions before version 1.16.1, 1.15.2, 1.14.5, 1.13.6, 1.12.7 and 1.11.9. This is due to dojox.xmpp.util.xmlEncode only encoding the first occurrence of each character, not all of them.
dojox is vulnerable to Cross-site Scripting in all versions before version 1.16.1, 1.15.2, 1.14.5, 1.13.6, 1.12.7 and 1.11.9. This is due to dojox.xmpp.util.xmlEncode only encoding the first occurrence of each character, not all of them.
dojox is vulnerable to Cross-site Scripting in all versions before version 1.16.1, 1.15.2, 1.14.5, 1.13.6, 1.12.7 and 1.11.9. This is due to dojox.xmpp.util.xmlEncode only encoding the first occurrence of each character, not all of them.
XSS in dojox due to insufficient escape in dojox.xmpp.util.xmlEncode
Уязвимость компонента dojox.xmpp.util.xmlEncode библиотеки JavaScript dojox, позволяющая нарушителю оказать воздействие на целостность данны