3 matches found
CVE-2019-10771
Characters in the GET url path are not properly escaped and can be reflected in the server response...
CVE-2019-10771
Characters in the GET url path are not properly escaped and can be reflected in the server response...
CVE-2019-10771
CVE-2019-10771 affects the iobroker.web (Node.js/Express) web server. The vulnerability stems from the GET URL path not escaping characters, allowing reflected XSS in the server’s response. Affected versions are prior to 2.4.10. Remediation: upgrade to version 2.4.10 or later. In the provided doc...