Описание
dojox is vulnerable to Cross-site Scripting in all versions before version 1.16.1, 1.15.2, 1.14.5, 1.13.6, 1.12.7 and 1.11.9. This is due to dojox.xmpp.util.xmlEncode only encoding the first occurrence of each character, not all of them.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | not-affected | 1.17.3+dfsg1-1 |
| eoan | ignored | end of life |
| esm-apps/bionic | needed | |
| esm-apps/focal | released | 1.15.0+dfsg1-1ubuntu0.1~esm1 |
| esm-apps/jammy | not-affected | 1.15.4+dfsg1-1 |
| esm-apps/noble | not-affected | 1.17.2+dfsg1-2.1 |
| esm-apps/xenial | released | 1.10.4+dfsg-2ubuntu0.1~esm1 |
| esm-infra-legacy/trusty | DNE | |
| focal | ignored | end of standard support, was needs-triage |
Показывать по
EPSS
4.3 Medium
CVSS2
6.1 Medium
CVSS3
Связанные уязвимости
dojox is vulnerable to Cross-site Scripting in all versions before version 1.16.1, 1.15.2, 1.14.5, 1.13.6, 1.12.7 and 1.11.9. This is due to dojox.xmpp.util.xmlEncode only encoding the first occurrence of each character, not all of them.
dojox is vulnerable to Cross-site Scripting in all versions before version 1.16.1, 1.15.2, 1.14.5, 1.13.6, 1.12.7 and 1.11.9. This is due to dojox.xmpp.util.xmlEncode only encoding the first occurrence of each character, not all of them.
dojox is vulnerable to Cross-site Scripting in all versions before ver ...
XSS in dojox due to insufficient escape in dojox.xmpp.util.xmlEncode
Уязвимость компонента dojox.xmpp.util.xmlEncode библиотеки JavaScript dojox, позволяющая нарушителю оказать воздействие на целостность данны
EPSS
4.3 Medium
CVSS2
6.1 Medium
CVSS3