VDB
CVE-2020-4051
CVE-2020-4051
PUBLISHED
In Dijit before versions 1.11.11, and greater than or equal to 1.12.0 and less than 1.12.9, and greater than or equal to 1.13.0 and less than 1.13.8, and greater than or equal to 1.14.0 and less than 1.14.7, and greater than or equal to 1.15.0 and less than 1.15.4, and greater than or equal to 1.16.0 and less than 1.16.3, there is a cross-site scripting vulnerability in the Editor's LinkDialog plugin. This has been fixed in 1.11.11, 1.12.9, 1.13.8, 1.14.7, 1.15.4, 1.16.3.
EPSS 0.22% · 44.3th percentile
Risk Scores
EPSS Score
0.22%
44.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:20.04:LTS | dojo | 1.15.0+dfsg1-1, 0, 1.14.2+dfsg1-1 |
| Ubuntu:18.04:LTS | dojo | 0, 1.11.0+dfsg-1 |
| Ubuntu:Pro:16.04:LTS | dojo | *, 0 |
Timeline
- Jun 15, 2020 CVE Published
- Oct 23, 2020 CVE Updated
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-4051 third-party-advisory
- https://github.com/dojo/dijit/commit/462bdcd60d0333315fe69ab4709c894d78f61301 third-party-advisory
- https://github.com/dojo/dijit/security/advisories/GHSA-cxjc-r2fp-7mq6 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-4051 third-party-advisory
- https://ubuntu.com/security/notices/USN-7569-1 vendor-advisory