Source: dojo Version: 1.15.0+dfsg1-1 Severity: important Tags: security upstream Control: found -1 1.14.2+dfsg1-1
Hi, The following vulnerability was published for dojo. CVE-2019-10785[0]: | dojox is vulnerable to Cross-site Scripting in all versions before | version 1.16.1, 1.15.2, 1.14.5, 1.13.6, 1.12.7 and 1.11.9. This is due | to dojox.xmpp.util.xmlEncode only encoding the first occurrence of | each character, not all of them. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-10785 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10785 [1] https://github.com/dojo/dojox/security/advisories/GHSA-pg97-ww7h-5mjr [2] https://snyk.io/vuln/SNYK-JS-DOJOX-548257 Please adjust the affected versions in the BTS as needed. Regards, Salvatore