Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-vrv9-3x3w-ffxw: node-red-dashboard vulnerable to Cross-site Scripting

node-red-dashboard contains a cross-site scripting vulnerability. This issue affects some unknown processing of the file components/ui-component/ui-component-ctrl.js of the component ui_text Format Handler. The attack may be initiated remotely. The issue is patched in version 3.2.0.

ghsa
Open in Source
#xss#vulnerability#js#git

node-red-dashboard vulnerable to Cross-site Scripting

Moderate severity GitHub Reviewed Published Nov 1, 2022 • Updated Nov 1, 2022

Related news

CVE-2022-3783: User can inject JavaScript code into the text node which can cause security issues( Cross-Site Scripting) · Issue #772 · node-red/node-red-dashboard

A vulnerability, which was classified as problematic, has been found in node-red-dashboard. This issue affects some unknown processing of the file components/ui-component/ui-component-ctrl.js of the component ui_text Format Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 9305d1a82f19b235dfad24a7d1dd4ed244db7743. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212555.

ghsa: Latest News

GHSA-8fh4-942r-jf2g: LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/services.inc.php
ghsa