CVE-2019-10756

2019-10-0819:15:09

Google

osv.dev

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

24.8%

JSON

It is possible to inject JavaScript within node-red-dashboard versions prior to version 2.17.0 due to the ui_notification node accepting raw HTML by default.

References

snyk.io/vuln/SNYK-JS-NODEREDDASHBOARD-471939