Lucene search
GoogleOSV:GHSA-6RJC-4PWR-3VP7HistoryDec 02, 2019 - 6:14 p.m.
Cross-Site Scripting in iobroker.web
2019-12-0218:14:30
Google
osv.dev
8
0.001 Low
EPSS
Percentile
33.8%
Versions of iobroker.web prior to 2.4.10 are vulnerable to Cross-Site Scripting. The package fails to escape URL parameters that may be reflected in the server response. This can be used by attackers to execute arbitrary JavaScript in the victim’s browser.
Recommendation
Upgrade to version 2.4.10 or later.
| CPE | Name | Operator | Version |
|---|---|---|---|
| iobroker.web | lt | 2.4.10 |
Related
nodejs
nodejs
Cross-Site Scripting
2019-11-27 15:14:50
prion
prion
Design/Logic Flaw
2019-11-25 23:15:00
cve
cve
CVE-2019-10771
2019-11-25 23:15:10
githubexploit
githubexploit
Exploit for Cross-site Scripting in Iobroker Iobroker.Web
2020-12-01 09:18:57
github
github
Cross-Site Scripting in iobroker.web
2019-12-02 18:14:30
veracode
veracode
Cross-site Scripting (XSS)
2019-11-27 08:45:38
nvd
nvd
CVE-2019-10771
2019-11-25 23:15:10
cvelist
cvelist
CVE-2019-10771
2019-11-25 22:39:39