vulnerability
Ubuntu: USN-7569-1 (CVE-2019-10785): Dojo vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | Feb 13, 2020 | Jun 17, 2025 | Aug 18, 2025 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
Feb 13, 2020
Added
Jun 17, 2025
Modified
Aug 18, 2025
Description
dojox is vulnerable to Cross-site Scripting in all versions before version 1.16.1, 1.15.2, 1.14.5, 1.13.6, 1.12.7 and 1.11.9. This is due to dojox.xmpp.util.xmlEncode only encoding the first occurrence of each character, not all of them.
Solutions
ubuntu-pro-upgrade-libjs-dojo-coreubuntu-pro-upgrade-libjs-dojo-dijitubuntu-pro-upgrade-libjs-dojo-dojoxubuntu-pro-upgrade-shrinksafe
References
- CVE-2019-10785
- https://attackerkb.com/topics/CVE-2019-10785
- CWE-79
- UBUNTU-USN-7569-1
- URL-https://github.com/dojo/dojox/security/advisories/GHSA-pg97-ww7h-5mjr
- URL-https://snyk.io/vuln/SNYK-JS-DOJOX-548257,
- URL-https://ubuntu.com/security/notices/USN-7569-1
- URL-https://www.cve.org/CVERecord?id=CVE-2019-10785
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.