Lucene search
K

4 matches found

vulnersOsv
vulnersOsv
added 2019/10/25 7:41 p.m.5 views

@ia-cloud/node-red-contrib-ia-cloud-dashboard (>=0.0.1 <=0.0.4), node-red-contrib-ui-led (>=0.1.0 <=0.3.0) potentially affected by CVE-2019-10756 via node-red-dashboard (>=2.13.2 <=2.15.0)

node-red-dashboard NPM version =2.13.2, =0.0.1, =0.1.0, =0.3.0 Source cves: CVE-2019-10756 Source advisory: OSV:GHSA-XG59-M7WX-853Q...

5.4CVSS6AI score0.0057EPSS
Exploits1
NVD
NVD
added 2019/10/08 7:15 p.m.41 views

CVE-2019-10756

It is possible to inject JavaScript within node-red-dashboard versions prior to version 2.17.0 due to the uinotification node accepting raw HTML by default...

5.4CVSS5.4AI score0.0057EPSS
Exploits1References1
CVE
CVE
added 2019/10/08 6:58 p.m.57 views

CVE-2019-10756

CVE-2019-10756 affects node-red-dashboard prior to version 2.17.0 where the ui_notification node accepts raw HTML by default, enabling JavaScript injection and thus cross-site scripting (XSS). The vulnerability stems from the ability to inject script through the notification UI component, as conf...

5.4CVSS5.3AI score0.0057EPSS
Exploits1References1Affected Software1
vulnersOsv
vulnersOsv
added 2019/07/24 9:42 a.m.6 views

@ia-cloud/node-red-contrib-ia-cloud-dashboard (>=0.0.1 <=0.0.4), node-red-contrib-ui-led (>=0.1.0 <=0.3.0) potentially affected by CVE-2019-10756 via node-red-dashboard (>=2.13.2 <=2.15.0)

node-red-dashboard NPM version =2.13.2, =0.0.1, =0.1.0, =0.3.0 Source cves: CVE-2019-10756 Source advisory: SNYK:JS-NODEREDDASHBOARD-471939...

5.4CVSS6AI score0.0057EPSS
Exploits1
Rows per page
Query Builder