CVE-2019-10785 vulnerability in Linux Foundation and Other Products
Published on February 13, 2020
dojox is vulnerable to Cross-site Scripting in all versions before version 1.16.1, 1.15.2, 1.14.5, 1.13.6, 1.12.7 and 1.11.9. This is due to dojox.xmpp.util.xmlEncode only encoding the first occurrence of each character, not all of them.
Products Associated with CVE-2019-10785
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-10785 are published in these products:
Vulnerable Packages
The following package name and versions may be associated with CVE-2019-10785
| Package Manager | Vulnerable Package | Versions | Fixed In |
|---|---|---|---|
| npm | dojox | < 1.11.9 | 1.11.9 |
| npm | dojox | >= 1.12.0, < 1.12.7 | 1.12.7 |
| npm | dojox | >= 1.13.0, < 1.13.6 | 1.13.6 |
| npm | dojox | >= 1.14.0, < 1.14.5 | 1.14.5 |
| npm | dojox | >= 1.15.0, < 1.15.2 | 1.15.2 |
| npm | dojox | = 1.16.0 | 1.16.1 |
Exploit Probability
EPSS
0.24%
Percentile
47.29%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.