UBUNTU-CVE-2019-10785
- Source
- https://ubuntu.com/security/CVE-2019-10785
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-10785.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2019-10785
- Related
- Published
- 2020-02-13T17:15:00Z
- Modified
- 2025-06-17T08:42:37Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
dojox is vulnerable to Cross-site Scripting in all versions before version 1.16.1, 1.15.2, 1.14.5, 1.13.6, 1.12.7 and 1.11.9. This is due to dojox.xmpp.util.xmlEncode only encoding the first occurrence of each character, not all of them.
- References
Affected packages
Ubuntu:Pro:16.04:LTS / dojo
Package
- Name
- dojo
- Purl
- pkg:deb/ubuntu/dojo@1.10.4+dfsg-2ubuntu0.1~esm1?arch=source&distro=esm-apps/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.10.4+dfsg-2ubuntu0.1~esm1
Ecosystem specific
{
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_name": "libjs-dojo-core",
"binary_version": "1.10.4+dfsg-2ubuntu0.1~esm1"
},
{
"binary_name": "libjs-dojo-dijit",
"binary_version": "1.10.4+dfsg-2ubuntu0.1~esm1"
},
{
"binary_name": "libjs-dojo-dojox",
"binary_version": "1.10.4+dfsg-2ubuntu0.1~esm1"
}
]
}
Ubuntu:Pro:18.04:LTS / dojo
Package
- Name
- dojo
- Purl
- pkg:deb/ubuntu/dojo@1.11.0+dfsg-1?arch=source&distro=esm-apps/bionic
Ubuntu:Pro:20.04:LTS / dojo
Package
- Name
- dojo
- Purl
- pkg:deb/ubuntu/dojo@1.15.0+dfsg1-1ubuntu0.1~esm1?arch=source&distro=esm-apps/focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.15.0+dfsg1-1ubuntu0.1~esm1
Ecosystem specific
{
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_name": "libjs-dojo-core",
"binary_version": "1.15.0+dfsg1-1ubuntu0.1~esm1"
},
{
"binary_name": "libjs-dojo-dijit",
"binary_version": "1.15.0+dfsg1-1ubuntu0.1~esm1"
},
{
"binary_name": "libjs-dojo-dojox",
"binary_version": "1.15.0+dfsg1-1ubuntu0.1~esm1"
},
{
"binary_name": "shrinksafe",
"binary_version": "1.15.0+dfsg1-1ubuntu0.1~esm1"
}
]
}
Ubuntu:22.04:LTS / dojo
Package
- Name
- dojo
- Purl
- pkg:deb/ubuntu/dojo@1.15.4+dfsg1-1?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.15.4+dfsg1-1
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_name": "libjs-dojo-core",
"binary_version": "1.15.4+dfsg1-1"
},
{
"binary_name": "libjs-dojo-dijit",
"binary_version": "1.15.4+dfsg1-1"
},
{
"binary_name": "libjs-dojo-dojox",
"binary_version": "1.15.4+dfsg1-1"
},
{
"binary_name": "shrinksafe",
"binary_version": "1.15.4+dfsg1-1"
}
]
}
Ubuntu:24.10 / dojo
Package
- Name
- dojo
- Purl
- pkg:deb/ubuntu/dojo@1.17.2+dfsg1-2.1?arch=source&distro=oracular
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.17.2+dfsg1-2.1
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_name": "libjs-dojo-core",
"binary_version": "1.17.2+dfsg1-2.1"
},
{
"binary_name": "libjs-dojo-dijit",
"binary_version": "1.17.2+dfsg1-2.1"
},
{
"binary_name": "libjs-dojo-dojox",
"binary_version": "1.17.2+dfsg1-2.1"
},
{
"binary_name": "shrinksafe",
"binary_version": "1.17.2+dfsg1-2.1"
}
]
}
Ubuntu:24.04:LTS / dojo
Package
- Name
- dojo
- Purl
- pkg:deb/ubuntu/dojo@1.17.2+dfsg1-2.1?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.17.2+dfsg1-2.1
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_name": "libjs-dojo-core",
"binary_version": "1.17.2+dfsg1-2.1"
},
{
"binary_name": "libjs-dojo-dijit",
"binary_version": "1.17.2+dfsg1-2.1"
},
{
"binary_name": "libjs-dojo-dojox",
"binary_version": "1.17.2+dfsg1-2.1"
},
{
"binary_name": "shrinksafe",
"binary_version": "1.17.2+dfsg1-2.1"
}
]
}
Ubuntu:25.04 / dojo
Package
- Name
- dojo
- Purl
- pkg:deb/ubuntu/dojo@1.17.3+dfsg1-1?arch=source&distro=plucky
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.17.3+dfsg1-1
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_name": "libjs-dojo-core",
"binary_version": "1.17.3+dfsg1-1"
},
{
"binary_name": "libjs-dojo-dijit",
"binary_version": "1.17.3+dfsg1-1"
},
{
"binary_name": "libjs-dojo-dojox",
"binary_version": "1.17.3+dfsg1-1"
},
{
"binary_name": "shrinksafe",
"binary_version": "1.17.3+dfsg1-1"
}
]
}