Lucene search

Cross-Site Scripting in node-red

🗓️ 30 Jan 2020 21:21:00Reported by GitHub Advisory DatabaseType

Versions of node-red prior to 0.20.8 are vulnerable to Cross-Site Scripting (XSS). Upgrade to version 0.18.6 or later

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 8
NVD	CVE-2019-15607	28 Jan 202003:15	–	nvd
Hacker One	Node.js third-party modules: [node-red] Stored XSS within Flow's - "Name" field	26 Aug 201909:17	–	hackerone
Veracode	Cross-Site Scripting (XSS)	13 Jan 202004:55	–	veracode
Prion	Cross site scripting	28 Jan 202003:15	–	prion
OSV	Cross-Site Scripting in node-red	30 Jan 202021:00	–	osv
OSV	CVE-2019-15607	28 Jan 202003:15	–	osv
Cvelist	CVE-2019-15607	28 Jan 202002:13	–	cvelist
CVE	CVE-2019-15607	28 Jan 202003:15	–	cve

Vulners

Node

nodered node-redRange≤0.20.7

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2019-15607
hackerone	www.hackerone.com/reports/681986
npmjs	www.npmjs.com/advisories/1456
github	www.github.com/advisories/GHSA-8w65-xjc5-9w79

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

30 Jan 2020 21:00Current

4.6Medium risk

Vulners AI Score4.6

CVSS23.5

CVSS35.4

EPSS0.00068

CWE-79