VDB
CVE-2019-10785
CVE-2019-10785
PUBLISHED
dojox is vulnerable to Cross-site Scripting in all versions before version 1.16.1, 1.15.2, 1.14.5, 1.13.6, 1.12.7 and 1.11.9. This is due to dojox.xmpp.util.xmlEncode only encoding the first occurrence of each character, not all of them.
EPSS 0.24% · 47.7th percentile
Risk Scores
EPSS Score
0.24%
47.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:16.04:LTS | dojo | *, 0 |
| Ubuntu:18.04:LTS | dojo | 1.11.0+dfsg-1, 0 |
| Ubuntu:Pro:20.04:LTS | dojo | 1.15.0+dfsg1-1, 0, 1.14.2+dfsg1-1 |
Timeline
- Apr 30, 2017 PoC Published
- Feb 13, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 22, 2021 EPSS Score
- Jun 28, 2021 PoC Published
- Aug 19, 2021 CVE Updated
- Aug 24, 2021 EPSS Score
- Oct 25, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 27, 2022 EPSS Score
- Apr 22, 2022 PoC Published
- May 1, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-10785 third-party-advisory
- https://github.com/dojo/dojox/security/advisories/GHSA-pg97-ww7h-5mjr third-party-advisory
- https://snyk.io/vuln/SNYK-JS-DOJOX-548257, third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-10785 third-party-advisory
- https://ubuntu.com/security/notices/USN-7569-1 vendor-advisory