Moderate severityNVD Advisory· Published Oct 31, 2022· Updated Apr 15, 2025

node-red-dashboard ui_text Format ui-component-ctrl.js cross site scripting

CVE-2022-3783

Description

A vulnerability, which was classified as problematic, has been found in node-red-dashboard. This issue affects some unknown processing of the file components/ui-component/ui-component-ctrl.js of the component ui_text Format Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 9305d1a82f19b235dfad24a7d1dd4ed244db7743. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212555.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
node-red-dashboardnpm	< 3.2.0	3.2.0

Affected products

ghsa-coords
pkg:npm/node-red-dashboard
Range: < 3.2.0
unspecified/node-red-dashboardv5
Range: n/a

Patches

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/advisories/GHSA-vrv9-3x3w-ffxwghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2022-3783ghsaADVISORY
github.com/node-red/node-red-dashboard/commit/9305d1a82f19b235dfad24a7d1dd4ed244db7743ghsaWEB
github.com/node-red/node-red-dashboard/issues/772ghsaWEB
vuldb.comghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000