Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2019-10785

dojox is vulnerable to Cross-site Scripting in all versions before version 1.16.1, 1.15.2, 1.14.5, 1.13.6, 1.12.7 and 1.11.9. This is due to dojox.xmpp.util.xmlEncode only encoding the first occurrence of each character, not all of them.

CVSS v3:

  • Severity: Medium
  • Score: 6.1
  • AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
linuxfoundation / dojox 1.15.0 1.15.2
linuxfoundation / dojox 1.14.0 1.14.5
linuxfoundation / dojox 1.13.0 1.13.6
linuxfoundation / dojox 1.12.0 1.12.7
linuxfoundation / dojox 1.16.0 1.16.1
linuxfoundation / dojox 1.11.0 1.11.9
debian / debian_linux 8.0 8.0.x
dojox - 1.11.9
dojox 1.12.0 1.12.7
dojox 1.13.0 1.13.6
dojox 1.14.0 1.14.5
dojox 1.15.0 1.15.2
dojox 1.16.0 1.16.0.x
dojox 1.16.0 1.16.1