cbcvebase.
CVE-2020-4051
published 2020-06-15


Priority: P4 · 28 · medium
CVSS 3.1: 5.4 (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
EPSS: 1.18% (63.9th percentile)

In Dijit before versions 1.11.11, and greater than or equal to 1.12.0 and less than 1.12.9, and greater than or equal to 1.13.0 and less than 1.13.8, and greater than or equal to 1.14.0 and less than 1.14.7, and greater than or equal to 1.15.0 and less than 1.15.4, and greater than or equal to 1.16.0 and less than 1.16.3, there is a cross-site scripting vulnerability in the Editor's LinkDialog plugin. This has been fixed in 1.11.11, 1.12.9, 1.13.8, 1.14.7, 1.15.4, 1.16.3.

Affected

27 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | | |
| debian | dojo | < dojo 1.15.4+dfsg1-1 (bookworm) | dojo 1.15.4+dfsg1-1 (bookworm) |
| dojo | dijit | < 1.11.11 | 1.11.11 |
| dojo | dijit | | |
| dojo | dijit | | |
| dojo | dijit | | |
| dojo | dijit | | |
| dojo | dijit | | |
| dojo | dijit | >= 0 < 1.11.11 | 1.11.11 |
| dojo | dijit | >= 1.12.0 < 1.12.9 | 1.12.9 |
| dojo | dijit | >= 1.13.0 < 1.13.8 | 1.13.8 |
| dojo | dijit | >= 1.14.0 < 1.14.7 | 1.14.7 |
| dojo | dijit | >= 1.15.0 < 1.15.4 | 1.15.4 |
| dojo | dijit | >= 1.16.0 < 1.16.3 | 1.16.3 |
| linuxfoundation | dojo | >= 0 < 1.15.4+dfsg1-1 | 1.15.4+dfsg1-1 |
| linuxfoundation | dojo | >= 0 < 1.15.4+dfsg1-1 | 1.15.4+dfsg1-1 |
| linuxfoundation | dojo | >= 0 < 1.15.4+dfsg1-1 | 1.15.4+dfsg1-1 |
| linuxfoundation | dojo | >= 0 < 1.15.4+dfsg1-1 | 1.15.4+dfsg1-1 |
| linuxfoundation | dojo | >= 0 < 1.15.4+dfsg1-1ubuntu0.1 | 1.15.4+dfsg1-1ubuntu0.1 |
| linuxfoundation | dojo | >= 0 < 1.10.4+dfsg-2ubuntu0.1~esm1 | 1.10.4+dfsg-2ubuntu0.1~esm1 |
| linuxfoundation | dojo | >= 0 < 1.15.0+dfsg1-1ubuntu0.1~esm1 | 1.15.0+dfsg1-1ubuntu0.1~esm1 |
| openjsf | dijit | < 1.11.11 | 1.11.11 |
| openjsf | dijit | >= 1.12.0 < 1.12.9 | 1.12.9 |
| openjsf | dijit | >= 1.13.0 < 1.13.8 | 1.13.8 |
| openjsf | dijit | >= 1.14.0 < 1.14.7 | 1.14.7 |

CVSS provenance

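| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |
| osv | | 9.8 | CRITICAL | |
| vendor_ubuntu | | 9.8 | CRITICAL | |
| vendor_debian | | 3.7 | LOW | |
| vendor_redhat | | 3.7 | LOW | |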