12 matches found
Mageia: Security Advisory (MGASA-2020-0126)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: IBM DataPower Gateway affected by XSS vulnerability (CVE-2019-10785)
Summary IBM has addressed the CVE Vulnerability Details CVEID: CVE-2019-10785 DESCRIPTION: Dojox is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the dojox.xmpp.util.xmlEncode. A remote attacker could exploit this vulnerability to execute script in a...
Security Bulletin: IBM Tivoli Netcool Impact is affected by an IBM Dojo Toolkit vulnerability (CVE-2019-10785)
Summary IBM Tivoli Netcool Impact has addressed the following IBM Dojo Toolkit vulnerability. Vulnerability Details CVEID: CVE-2019-10785 DESCRIPTION: Dojox is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the dojox.xmpp.util.xmlEncode. A remote...
MGASA-2020-0126 Updated dojo packages fix security vulnerability
Updated dojo package fixes security vulnerability: dojox was vulnerable to Cross-site Scripting. This was due to dojox.xmpp.util.xmlEncode only encoding the first occurrence of each character, not all of them CVE-2019-10785...
bryaktestgrid (>=0.0.1 <=0.0.6), dojo-rql (>=0.1.0 <=0.3.2) +1 more potentially affected by CVE-2019-10785 via dojox (=1.11.2)
dojox NPM version =1.11.2 is affected by a known vulnerability. The following packages have a transitive dependency on dojox and may be impacted: - bryaktestgrid =0.0.1, =0.1.0, =0.0.1, =0.5.24 Source cves: CVE-2019-10785 Source advisory: OSV:GHSA-PG97-WW7H-5MJR...
CVE-2019-10785
dojox is vulnerable to Cross-site Scripting in all versions before version 1.16.1, 1.15.2, 1.14.5, 1.13.6, 1.12.7 and 1.11.9. This is due to dojox.xmpp.util.xmlEncode only encoding the first occurrence of each character, not all of them...
CVE-2019-10785
dojox is vulnerable to Cross-site Scripting in all versions before version 1.16.1, 1.15.2, 1.14.5, 1.13.6, 1.12.7 and 1.11.9. This is due to dojox.xmpp.util.xmlEncode only encoding the first occurrence of each character, not all of them...
CVE-2019-10785
dojox is vulnerable to Cross-site Scripting in all versions before version 1.16.1, 1.15.2, 1.14.5, 1.13.6, 1.12.7 and 1.11.9. This is due to dojox.xmpp.util.xmlEncode only encoding the first occurrence of each character, not all of them...
CVE-2019-10785
dojox is vulnerable to Cross-site Scripting in all versions before version 1.16.1, 1.15.2, 1.14.5, 1.13.6, 1.12.7 and 1.11.9. This is due to dojox.xmpp.util.xmlEncode only encoding the first occurrence of each character, not all of them...
CVE-2019-10785
CVE-2019-10785 affects the Dojo/Dojox component, where dojox.xmpp.util.xmlEncode only encodes the first occurrence of each character, enabling cross-site scripting in affected Dojo versions prior to 1.16.1, 1.15.2, 1.14.5, 1.13.6, 1.12.7 and 1.11.9. The connected IBM and Nessus entries corroborat...
CVE-2019-10785
dojox is vulnerable to Cross-site Scripting in all versions before version 1.16.1, 1.15.2, 1.14.5, 1.13.6, 1.12.7 and 1.11.9. This is due to dojox.xmpp.util.xmlEncode only encoding the first occurrence of each character, not all of them...
bryaktestgrid (>=0.0.1 <=0.0.6), dojo-rql (>=0.1.0 <=0.3.2) +1 more potentially affected by CVE-2019-10785 via dojox (=1.11.2)
dojox NPM version =1.11.2 is affected by a known vulnerability. The following packages have a transitive dependency on dojox and may be impacted: - bryaktestgrid =0.0.1, =0.1.0, =0.0.1, =0.5.24 Source cves: CVE-2019-10785 Source advisory: SNYK:JS-DOJOX-548257...