Lucene search
K

256 matches found

vulnersOsv
vulnersOsv
added 2019/10/25 7:41 p.m.5 views

@ia-cloud/node-red-contrib-ia-cloud-dashboard (>=0.0.1 <=0.0.4), node-red-contrib-ui-led (>=0.1.0 <=0.3.0) potentially affected by CVE-2019-10756 via node-red-dashboard (>=2.13.2 <=2.15.0)

node-red-dashboard NPM version =2.13.2, =0.0.1, =0.1.0, =0.3.0 Source cves: CVE-2019-10756 Source advisory: OSV:GHSA-XG59-M7WX-853Q...

5.4CVSS6AI score0.0057EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2019/10/25 7:41 p.m.28 views

Cross-site Scripting in node-red-dashboard

It is possible to inject JavaScript within node-red-dashboard versions prior to version 2.17.0 due to the uinotification node accepting raw HTML by default...

5.4CVSS1.7AI score0.0057EPSS
Exploits1References3Affected Software1
vulnersOsv
vulnersOsv
added 2019/10/15 7:27 p.m.2 views

@activeledger/activecore (>=2.0.0-rc5 <=2.0.0-rc.8.0.6), @aktr/node-module-a (=1.0.1) +196 more potentially affected by CVE-2019-17495 via swagger-ui (>=2.0.17 <=3.20.7)

swagger-ui NPM version =2.0.17, =2.0.0-rc5, =1.4.0, =0.0.4, =1.0.2, =7.0.0, =1.3.0, =3.0.0-alpha.0, =0.7.2, =3.0.1, =2.0.0, =0.0.1, =0.2.1 and more Source cves: CVE-2019-17495 Source advisory: OSV:GHSA-C427-HJC3-WRFW...

9.8CVSS6.7AI score0.0558EPSS
Exploits1
NVD
NVD
added 2019/10/08 7:15 p.m.39 views

CVE-2019-10756

It is possible to inject JavaScript within node-red-dashboard versions prior to version 2.17.0 due to the uinotification node accepting raw HTML by default...

5.4CVSS5.4AI score0.0057EPSS
Exploits1References1
OSV
OSV
added 2019/10/08 7:15 p.m.16 views

CVE-2019-10756

It is possible to inject JavaScript within node-red-dashboard versions prior to version 2.17.0 due to the uinotification node accepting raw HTML by default...

5.4CVSS6.5AI score
Exploits0References1
Prion
Prion
added 2019/10/08 7:15 p.m.15 views

Design/Logic Flaw

It is possible to inject JavaScript within node-red-dashboard versions prior to version 2.17.0 due to the uinotification node accepting raw HTML by default...

3.5CVSS5.4AI score0.0057EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/10/08 6:58 p.m.36 views

CVE-2019-10756

It is possible to inject JavaScript within node-red-dashboard versions prior to version 2.17.0 due to the uinotification node accepting raw HTML by default...

5.4AI score0.0057EPSS
Exploits1References1
CVE
CVE
added 2019/10/08 6:58 p.m.57 views

CVE-2019-10756

CVE-2019-10756 affects node-red-dashboard prior to version 2.17.0 where the ui_notification node accepts raw HTML by default, enabling JavaScript injection and thus cross-site scripting (XSS). The vulnerability stems from the ability to inject script through the notification UI component, as conf...

5.4CVSS5.3AI score0.0057EPSS
Exploits1References1Affected Software1
Hacker One
Hacker One
added 2019/08/26 9:17 a.m.26 views

Node.js third-party modules: [node-red] Stored XSS within Flow's - "Name" field

NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! I would like to report Stored XSS in...

3.5CVSS5.2AI score0.00644EPSS
Exploits1
Snyk
Snyk
added 2019/07/24 9:42 a.m.2 views

Cross-site Scripting (XSS)

Overview node-red-dashboard is a provides a set of nodes in Node-RED to quickly create a live data dashboard. Affected versions of this package are vulnerable to Cross-site Scripting XSS. Details Remediation Upgrade node-red-dashboard to version 2.17.0 or higher. References - GitHub Commit Credit...

5.7CVSS6.5AI score0.0057EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2019/07/24 9:42 a.m.6 views

@ia-cloud/node-red-contrib-ia-cloud-dashboard (>=0.0.1 <=0.0.4), node-red-contrib-ui-led (>=0.1.0 <=0.3.0) potentially affected by CVE-2019-10756 via node-red-dashboard (>=2.13.2 <=2.15.0)

node-red-dashboard NPM version =2.13.2, =0.0.1, =0.1.0, =0.3.0 Source cves: CVE-2019-10756 Source advisory: SNYK:JS-NODEREDDASHBOARD-471939...

5.4CVSS6AI score0.0057EPSS
Exploits1
Node.js
Node.js
added 2019/06/18 11:51 p.m.13 views

Cross-Site Scripting

Overview Versions of node-red prior to 0.18.6 are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize the name field in new items, allowing attackers to execute arbitrary JavaScript in the victim's browser. Recommendation Upgrade to version 0.18.6 or later. References - HackerOn...

6.7AI score
Exploits0Affected Software1
vulnersOsv
vulnersOsv
added 2019/05/14 4:2 a.m.5 views

4everland-pinning (>=1.0.4 <=1.0.10), @0x5e/homebridge-tuya-platform (>=1.6.0 <=1.7.0-beta.58) +3248 more potentially affected by CVE-2019-5432 via mqtt-packet (>=6.0.0 <=6.10.0)

mqtt-packet NPM version =6.0.0, =1.0.4, =1.6.0, =1.0.1, =0.2.0, =0.4.19, =0.12.0, =0.1.5, =0.1.8, =0.1.3, =0.12.0, =0.1.0, =0.8.3, =0.12.0, =0.12.0, =0.12.0, =0.14.4 and more Source cves: CVE-2019-5432 Source advisory: OSV:GHSA-WV67-9JQ7-8R69...

7.5CVSS7AI score0.01586EPSS
Exploits1
CNVD
CNVD
added 2018/09/18 12:0 a.m.3 views

Node-RED Unauthorized Remote Command Execution Vulnerability

Node-RED is a tool for building Internet of Things IOT applications that focuses on simplifying the "connectivity" of code blocks to perform tasks. Node-RED is vulnerable to unauthorized remote command execution. Since the Node-RED application does not enforce any type of authentication,...

7.7AI score
Exploits0References1
Veracode
Veracode
added 2018/07/19 5:44 a.m.9 views

Cross-Site Scripting (XSS)

node-red is affected by a cross-site scripting XSS vulnerability. The use of .html does not sanitise user input and allows for injection of arbitrary JavaScript through the name parameter...

6.2AI score
Exploits0
Hacker One
Hacker One
added 2018/05/08 7:20 p.m.39 views

Node.js third-party modules: Stored XSS in Node-Red

I would like to report a stored XSS in node-red It allows to execute javascript in the user's browser Module module name: node-red version: v0.18.4 npm page: https://www.npmjs.com/package/node-red Module Description A visual tool for wiring the Internet of Things. Module Stats 1,758 downloads in...

5.3AI score
Exploits0
Rows per page
Query Builder