CVE-2020-4051
dojo - security update
CVSS 3.1: 3.7 (LOW)
EPSS: 0.22%
Description
In Dijit before versions 1.11.11, and greater than or equal to 1.12.0 and less than 1.12.9, and greater than or equal to 1.13.0 and less than 1.13.8, and greater than or equal to 1.14.0 and less than 1.14.7, and greater than or equal to 1.15.0 and less than 1.15.4, and greater than or equal to 1.16.0 and less than 1.16.3, there is a cross-site scripting vulnerability in the Editor's LinkDialog plugin. This has been fixed in 1.11.11, 1.12.9, 1.13.8, 1.14.7, 1.15.4, 1.16.3.
How to fix CVE-2020-4051
To remediate CVE-2020-4051, upgrade the affected package to a fixed version below.
- Upgrade to 1.15.4+dfsg1-1 or later
- Upgrade to 1.14.2+dfsg1-1+deb10u3 or later
- Upgrade to 1.11.11 or later
Is CVE-2020-4051 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 1.15.4+dfsg1-1
- from 0, < 1.14.2+dfsg1-1+deb10u3
- from 0, < 1.11.11
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | LOW 3.7 | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N |