4 matches found
@ia-cloud/node-red-contrib-ia-cloud-dashboard (>=0.0.1 <=0.0.4), node-red-contrib-ui-led (>=0.1.0 <=0.3.0) potentially affected by CVE-2019-10756 via node-red-dashboard (>=2.13.2 <=2.15.0)
node-red-dashboard NPM version =2.13.2, =0.0.1, =0.1.0, =0.3.0 Source cves: CVE-2019-10756 Source advisory: OSV:GHSA-XG59-M7WX-853Q...
CVE-2019-10756
It is possible to inject JavaScript within node-red-dashboard versions prior to version 2.17.0 due to the uinotification node accepting raw HTML by default...
CVE-2019-10756
CVE-2019-10756 affects node-red-dashboard prior to version 2.17.0 where the ui_notification node accepts raw HTML by default, enabling JavaScript injection and thus cross-site scripting (XSS). The vulnerability stems from the ability to inject script through the notification UI component, as conf...
@ia-cloud/node-red-contrib-ia-cloud-dashboard (>=0.0.1 <=0.0.4), node-red-contrib-ui-led (>=0.1.0 <=0.3.0) potentially affected by CVE-2019-10756 via node-red-dashboard (>=2.13.2 <=2.15.0)
node-red-dashboard NPM version =2.13.2, =0.0.1, =0.1.0, =0.3.0 Source cves: CVE-2019-10756 Source advisory: SNYK:JS-NODEREDDASHBOARD-471939...