CVE-2020-4051

In Dijit before versions 1.11.11, and greater than or equal to 1.12.0 and less than 1.12.9, and greater than or equal to 1.13.0 and less than 1.13.8, and greater than or equal to 1.14.0 and less than 1.14.7, and greater than or equal to 1.15.0 and less than 1.15.4, and greater than or equal to 1.16.0 and less than 1.16.3, there is a cross-site scripting vulnerability in the Editor's LinkDialog plugin. This has been fixed in 1.11.11, 1.12.9, 1.13.8, 1.14.7, 1.15.4, 1.16.3.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:openjsf:dijit:*:*:*:*:*:*:*:*
cpe:2.3:a:openjsf:dijit:*:*:*:*:*:*:*:*
cpe:2.3:a:openjsf:dijit:*:*:*:*:*:*:*:*
cpe:2.3:a:openjsf:dijit:*:*:*:*:*:*:*:*
cpe:2.3:a:openjsf:dijit:*:*:*:*:*:*:*:*
cpe:2.3:a:openjsf:dijit:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:32

Type Values Removed Values Added
CVSS v2 : 3.5
v3 : 5.4
v2 : 3.5
v3 : 3.7
References () https://github.com/dojo/dijit/commit/462bdcd60d0333315fe69ab4709c894d78f61301 - Patch, Third Party Advisory () https://github.com/dojo/dijit/commit/462bdcd60d0333315fe69ab4709c894d78f61301 - Patch, Third Party Advisory
References () https://github.com/dojo/dijit/security/advisories/GHSA-cxjc-r2fp-7mq6 - Third Party Advisory () https://github.com/dojo/dijit/security/advisories/GHSA-cxjc-r2fp-7mq6 - Third Party Advisory
References () https://lists.debian.org/debian-lts-announce/2023/01/msg00030.html - Mailing List, Third Party Advisory () https://lists.debian.org/debian-lts-announce/2023/01/msg00030.html - Mailing List, Third Party Advisory
References () https://security.netapp.com/advisory/ntap-20201023-0003/ - Third Party Advisory () https://security.netapp.com/advisory/ntap-20201023-0003/ - Third Party Advisory
References () https://www.oracle.com/security-alerts/cpuoct2020.html - Patch, Third Party Advisory () https://www.oracle.com/security-alerts/cpuoct2020.html - Patch, Third Party Advisory

28 Feb 2023, 18:28

Type Values Removed Values Added
CVSS v2 : 3.5
v3 : 4.6
v2 : 3.5
v3 : 5.4
CPE cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2023/01/msg00030.html - Mailing List, Third Party Advisory
References (CONFIRM) https://security.netapp.com/advisory/ntap-20201023-0003/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20201023-0003/ - Third Party Advisory
References (MISC) https://www.oracle.com/security-alerts/cpuoct2020.html - (MISC) https://www.oracle.com/security-alerts/cpuoct2020.html - Patch, Third Party Advisory

Information

Published : 2020-06-15 22:15

Updated : 2024-11-21 05:32


NVD link : CVE-2020-4051

Mitre link : CVE-2020-4051

CVE.ORG link : CVE-2020-4051


JSON object : View

Products Affected

netapp

  • oncommand_insight
  • oncommand_workflow_automation
  • snapcenter
  • active_iq_unified_manager

openjsf

  • dijit

debian

  • debian_linux
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')