CVE-2020-4051

Published: Jun 15, 2020Modified: Nov 21, 2024

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

In Dijit before versions 1.11.11, and greater than or equal to 1.12.0 and less than 1.12.9, and greater than or equal to 1.13.0 and less than 1.13.8, and greater than or equal to 1.14.0 and less than 1.14.7, and greater than or equal to 1.15.0 and less than 1.15.4, and greater than or equal to 1.16.0 and less than 1.16.3, there is a cross-site scripting vulnerability in the Editor's LinkDialog plugin. This has been fixed in 1.11.11, 1.12.9, 1.13.8, 1.14.7, 1.15.4, 1.16.3.

Affected (12)

Products: Openjsf: Dijit · Debian: Debian Linux · Netapp: Active Iq Unified Manager, Oncommand Insight, Oncommand Workflow Automation, Snapcenter

1 product

1 product

4 products

Active Iq Unified Manager

Oncommand Insight

Oncommand Workflow Automation

Snapcenter

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Openjsf Dijit	Before 1.11.11
Openjsf Dijit	From 1.12.0 to 1.12.9
Openjsf Dijit	From 1.13.0 to 1.13.8
Openjsf Dijit	From 1.14.0 to 1.14.7
Openjsf Dijit	From 1.15.0 to 1.15.4
Openjsf Dijit	From 1.16.0 to 1.16.3

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0

Configuration C

5 vulnerable

Vulnerable Software	Affected Versions
Netapp Active Iq Unified Manager	All versions
Netapp Active Iq Unified Manager	All versions
Netapp Oncommand Insight	All versions
Netapp Oncommand Workflow Automation	All versions
Netapp Snapcenter	All versions