{"id":"CVE-2019-10785","details":"dojox is vulnerable to Cross-site Scripting in all versions before version 1.16.1, 1.15.2, 1.14.5, 1.13.6, 1.12.7 and 1.11.9. This is due to dojox.xmpp.util.xmlEncode only encoding the first occurrence of each character, not all of them.","aliases":["GHSA-pg97-ww7h-5mjr","SNYK-JS-DOJOX-548257,"],"modified":"2026-05-18T05:50:35.312283577Z","published":"2020-02-13T17:15:29.477Z","database_specific":{"unresolved_ranges":[{"source":"CPE_FIELD","vendor_product":"debian:debian_linux","cpes":["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"8.0"}]}]},"references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/02/msg00033.html"},{"type":"ADVISORY","url":"https://snyk.io/vuln/SNYK-JS-DOJOX-548257%2C"},{"type":"EVIDENCE","url":"https://github.com/dojo/dojox/security/advisories/GHSA-pg97-ww7h-5mjr"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/dojo/dojox","events":[{"introduced":"36af077105c8c07b98e331b3c0687a86eea1f717"},{"fixed":"21e2d558ed9b3b7e2907aaa0f815a9baf0b3f95c"},{"introduced":"8759d49d62fb11b3fd0a350a355983f503003ec1"},{"fixed":"1181a41a90b64a4f985d0acabda2f43b6cadb024"},{"introduced":"e525214d36765e5f3f0fcc577425c05bdd5bf57d"},{"fixed":"00a6f297055fefaf64c0c75f1a3fe224835c1939"},{"introduced":"5a80bf388a8cb52e71b48e1c493c18c022195241"},{"fixed":"4837499e6b0b16e16049c1e901b7d0ccdcd9f264"},{"introduced":"c1493139a5230c207e548198087bd1982a792511"},{"fixed":"bea1d0202ff6552d1af2b82dcaa9dea481a0b975"},{"introduced":"0960cc1c2fedb79b43ebf478fbe8891907c1439c"},{"fixed":"3fb05d5cdb85d22eca9ebe81ff422e31256181a1"}],"database_specific":{"source":"CPE_FIELD","cpe":"cpe:2.3:a:linuxfoundation:dojox:*:*:*:*:*:node.js:*:*","extracted_events":[{"introduced":"1.11.0"},{"fixed":"1.11.9"},{"introduced":"1.12.0"},{"fixed":"1.12.7"},{"introduced":"1.13.0"},{"fixed":"1.13.6"},{"introduced":"1.14.0"},{"fixed":"1.14.5"},{"introduced":"1.15.0"},{"fixed":"1.15.2"},{"introduced":"1.16.0"},{"fixed":"1.16.1"}]}}],"versions":["1.16.0","1.11.8","1.12.6","1.13.5","1.14.4","1.15.1","1.15.0","1.11.7","1.12.5","1.13.4","1.14.3","1.13.3","1.14.2","1.13.2","1.14.1","1.14.0","1.11.6","1.12.4","1.13.1","1.13.0","1.12.3","1.11.5","1.12.2","1.11.4","1.12.1","1.12.0","1.11.3","1.11.2","1.11.1","1.11.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-10785.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}