UBUNTU-CVE-2019-10785
- Source
- https://ubuntu.com/security/CVE-2019-10785
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-10785.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2019-10785
- Related
- Published
- 2020-02-13T17:15:00Z
- Modified
- 2025-01-13T10:21:55Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
dojox is vulnerable to Cross-site Scripting in all versions before version 1.16.1, 1.15.2, 1.14.5, 1.13.6, 1.12.7 and 1.11.9. This is due to dojox.xmpp.util.xmlEncode only encoding the first occurrence of each character, not all of them.
- References
Affected packages
Ubuntu:Pro:16.04:LTS / dojo
Package
- Name
- dojo
- Purl
- pkg:deb/ubuntu/dojo@1.10.4+dfsg-2?arch=source&distro=esm-apps/xenial
Ubuntu:Pro:18.04:LTS / dojo
Package
- Name
- dojo
- Purl
- pkg:deb/ubuntu/dojo@1.11.0+dfsg-1?arch=source&distro=esm-apps/bionic
Ubuntu:20.04:LTS / dojo
Package
- Name
- dojo
- Purl
- pkg:deb/ubuntu/dojo@1.15.0+dfsg1-1?arch=source&distro=focal
Ubuntu:22.04:LTS / dojo
Package
- Name
- dojo
- Purl
- pkg:deb/ubuntu/dojo@1.15.4+dfsg1-1?arch=source&distro=jammy
Ubuntu:24.10 / dojo
Package
- Name
- dojo
- Purl
- pkg:deb/ubuntu/dojo@1.17.2+dfsg1-2.1?arch=source&distro=oracular