Lucene search
UnknownNODEJS:1345HistoryNov 27, 2019 - 3:14 p.m.
Cross-Site Scripting
2019-11-2715:14:50
Unknown
www.npmjs.com
8
0.001 Low
EPSS
Percentile
33.8%
Overview
Versions of iobroker.web prior to 2.4.10 are vulnerable to Cross-Site Scripting. The package fails to escape URL parameters that may be reflected in the server response. This can be used by attackers to execute arbitrary JavaScript in the victim’s browser.
Recommendation
Upgrade to version 2.4.10 or later.
References
| CPE | Name | Operator | Version |
|---|---|---|---|
| iobroker.web | lt | 2.4.10 |
Related
osv
osv
Cross-Site Scripting in iobroker.web
2019-12-02 18:14:30
prion
prion
Design/Logic Flaw
2019-11-25 23:15:00
cve
cve
CVE-2019-10771
2019-11-25 23:15:10
githubexploit
githubexploit
Exploit for Cross-site Scripting in Iobroker Iobroker.Web
2020-12-01 09:18:57
github
github
Cross-Site Scripting in iobroker.web
2019-12-02 18:14:30
veracode
veracode
Cross-site Scripting (XSS)
2019-11-27 08:45:38
nvd
nvd
CVE-2019-10771
2019-11-25 23:15:10
cvelist
cvelist
CVE-2019-10771
2019-11-25 22:39:39