CVE-2020-4051

🗓️ 15 Jun 2020 00:00:00Reported by GitHub_MType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 113 Views

CVE-2020-4051: Cross-site scripting vulnerability in Dijit Editor's LinkDialog plugin

Reporter	Title	Published	Views	Family All 41
IBM Security Bulletins	Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities (CVE-2022-34339, CVE-2021-3712, CVE-2021-3711, CVE-2021-4160, CVE-2021-29425, CVE-2021-3733, CVE-2021-3737, CVE-2022-0391, CVE-2021-43138, CVE-2022-24758)	26 Mar 202502:27	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Open Source software used by Cloud Pak System	31 Mar 202314:10	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities have been identified in dojo library shipped with IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM) (CVE-2019-10785, CVE-2020-5259, CVE-2020-4051, CVE-2018-15494, CVE-2021-23450)	22 Aug 202206:13	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Dojo toolkit shipped with IBM WebSphere eXtreme Scale Liberty Deployment and eXtremescale Client	19 Apr 202411:29	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Engineering Requirements Management DOORS/DWA vulnerabilities addressed in 9.7.2.10	29 Jul 202522:30	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in dojo may affect IBM Business Automation Workflow and IBM Business Process Manager (BPM)	4 Feb 202120:32	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Jazz Reporting Services is vulnerable to a to cross-site scripting (CVE-2020-4051)	2 Sep 202408:14	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities affect IBM Cloud Pak for Automation	6 Feb 202100:02	–	ibm
AstraLinux	Astra Linux - уязвимость в dojo	3 May 202623:59	–	astralinux
Cvelist	CVE-2020-4051 XSS in Dijit Editor's LinkDialog plugin	15 Jun 202000:00	–	cvelist

NVD

Vulners

Node

openjsf dijitRange<1.11.11

openjsf dijitRange1.12.0–1.12.9

openjsf dijitRange1.13.0–1.13.8

openjsf dijitRange1.14.0–1.14.7

openjsf dijitRange1.15.0–1.15.4

openjsf dijitRange1.16.0–1.16.3

Node

debian debian_linuxMatch10.0

Node

netapp active_iq_unified_managerMatch-vmware_vsphere

netapp active_iq_unified_managerMatch-windows

netapp oncommand_insightMatch-

netapp oncommand_workflow_automationMatch-

netapp snapcenterMatch-

[
  {
    "vendor": "Dojo",
    "product": "dijit",
    "versions": [
      {
        "version": "< 1.11.11",
        "status": "affected"
      },
      {
        "version": ">= 1.12.0, < 1.12.9",
        "status": "affected"
      },
      {
        "version": ">= 1.13.0, < 1.13.8",
        "status": "affected"
      },
      {
        "version": ">= 1.14.0, < 1.14.7",
        "status": "affected"
      },
      {
        "version": ">= 1.15.0, < 1.15.4",
        "status": "affected"
      },
      {
        "version": ">= 1.16.0, < 1.16.3",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/dojo/dijit/commit/462bdcd60d0333315fe69ab4709c894d78f61301
oracle	www.oracle.com/security-alerts/cpuoct2020.html
github	www.github.com/dojo/dijit/security/advisories/GHSA-cxjc-r2fp-7mq6
security	www.security.netapp.com/advisory/ntap-20201023-0003/
lists	www.lists.debian.org/debian-lts-announce/2023/01/msg00030.html

21 Nov 2024 05:32Current

4.7Medium risk

Vulners AI Score4.7

CVSS 23.5

CVSS 3.13.7 - 5.4

EPSS0.00227

CWE-79