Ubuntu: USN-7569-1 (CVE-2019-10785): Dojo vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | Feb 13, 2020 | Jun 17, 2025 | Apr 16, 2026 |
Description
dojox is vulnerable to Cross-site Scripting in all versions before version 1.16.1, 1.15.2, 1.14.5, 1.13.6, 1.12.7 and 1.11.9. This is due to dojox.xmpp.util.xmlEncode only encoding the first occurrence of each character, not all of them.
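The first-occurrence flaw described above, shown beside a corrected encoder. This is an added example, not code from dojox or from this advisory. It assumes the flaw comes from calling `String.prototype.replace` with string patterns, which replace only the first match. The function names and the sample input are constructed for the illustration.

```javascript
// Added illustration; function names are hypothetical, not the dojox API.

// Flawed pattern: replace() with a *string* pattern rewrites only the
// first match, so later occurrences of each character pass through raw.
function encodeFirstOnly(str) {
  if (!str) return str;
  return str
    .replace("&", "&amp;")
    .replace(">", "&gt;")
    .replace("<", "&lt;")
    .replace("'", "&apos;")
    .replace('"', "&quot;");
}

const XML_ENTITIES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", "'": "&apos;", '"': "&quot;",
};

// Corrected pattern: a single global pass encodes every occurrence and
// cannot double-encode the ampersands it has just produced.
function encodeAll(str) {
  if (!str) return str;
  return str.replace(/[&<>'"]/g, (ch) => XML_ENTITIES[ch]);
}

// Regression check for an encoder's output: true if any markup-significant
// character, or an ampersand that does not start a known entity, survives.
function hasUnencodedMarkup(encoded) {
  return /[<>'"]|&(?!(?:amp|lt|gt|apos|quot);)/.test(encoded);
}

// Constructed sample: each special character appears more than once.
const sample = "<i>first</i> & <i>second</i>";

console.log(encodeFirstOnly(sample)); // later tags are left unencoded
console.log(hasUnencodedMarkup(encodeFirstOnly(sample)));
console.log(encodeAll(sample));
console.log(hasUnencodedMarkup(encodeAll(sample)));
```

A check like `hasUnencodedMarkup` fits in a unit test that feeds an encoder inputs with repeated special characters, which is the case a single-occurrence test input misses.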
Solutions
- ubuntu-pro-upgrade-libjs-dojo-core
- ubuntu-pro-upgrade-libjs-dojo-dijit
- ubuntu-pro-upgrade-libjs-dojo-dojox
- ubuntu-pro-upgrade-shrinksafe
- ubuntu-upgrade-libjs-dojo-core
- ubuntu-upgrade-libjs-dojo-dijit
- ubuntu-upgrade-libjs-dojo-dojox
- ubuntu-upgrade-shrinksafe
References
- CVE-2019-10785
- https://attackerkb.com/topics/CVE-2019-10785
- CWE-79
- EUVD-EUVD-2020-0309
- UBUNTU-USN-7569-1
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2020-0309
- https://github.com/dojo/dojox/security/advisories/GHSA-pg97-ww7h-5mjr
- https://snyk.io/vuln/SNYK-JS-DOJOX-548257
- https://ubuntu.com/security/notices/USN-7569-1
- https://www.cve.org/CVERecord?id=CVE-2019-10785