Mageia: 2020-0126 Moderate: Dojo Cross-Site Scripting Threat

mageia

March 6, 2020

Updated dojo package fixes security vulnerability: dojox was vulnerable to Cross-site Scripting

Summary

Updated dojo package fixes security vulnerability:
dojox was vulnerable to Cross-site Scripting. This was due to dojox.xmpp.util.xmlEncode only encoding the first occurrence of each character, not all of them (CVE-2019-10785).

References

- https://bugs.mageia.org/show_bug.cgi?id=26287

- https://lists.debian.org/debian-lts-announce/2020/02/msg00033.html

- https://www.cve.org/CVERecord?id=CVE-2019-10785

Topics Covered

security advisory update cross-site scripting fix Mageia dojo

Resolution

SRPMS

- 7/core/dojo-1.14.5-1.mga7

Severity

important

Lowest

Low

Medium

High

Critical

Publication date: 06 Mar 2020

URL: https://advisories.mageia.org/MGASA-2020-0126.html

Type: security

CVE: CVE-2019-10785

Topics Covered

security advisory update cross-site scripting fix Mageia dojo

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Mageia: 2020-0126 Moderate: Dojo Cross-Site Scripting Threat

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Mageia: 2020-0126 Moderate: Dojo Cross-Site Scripting Threat

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Related Articles

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!