npm package
node-red-dashboard
pkg:npm/node-red-dashboard
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-3783 | — | < 3.2.0 | 3.2.0 | Oct 31, 2022 | A vulnerability, which was classified as problematic, has been found in node-red-dashboard. This issue affects some unknown processing of the file components/ui-component/ui-component-ctrl.js of the component ui_text Format Handler. The manipulation leads to cross site scripting. | ||
| CVE-2021-3223 | — | < 2.26.2 | 2.26.2 | Jan 26, 2021 | Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory traversal to read files. | ||
| CVE-2019-10756 | — | < 2.17.0 | 2.17.0 | Oct 8, 2019 | It is possible to inject JavaScript within node-red-dashboard versions prior to version 2.17.0 due to the ui_notification node accepting raw HTML by default. |
- CVE-2022-3783Oct 31, 2022affected < 3.2.0fixed 3.2.0
A vulnerability, which was classified as problematic, has been found in node-red-dashboard. This issue affects some unknown processing of the file components/ui-component/ui-component-ctrl.js of the component ui_text Format Handler. The manipulation leads to cross site scripting.
- CVE-2021-3223Jan 26, 2021affected < 2.26.2fixed 2.26.2
Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory traversal to read files.
- CVE-2019-10756Oct 8, 2019affected < 2.17.0fixed 2.17.0
It is possible to inject JavaScript within node-red-dashboard versions prior to version 2.17.0 due to the ui_notification node accepting raw HTML by default.