3 matches found
Cross-Site Scripting
Overview Versions of iobroker.web prior to 2.4.10 are vulnerable to Cross-Site Scripting. The package fails to escape URL parameters that may be reflected in the server response. This can be used by attackers to execute arbitrary JavaScript in the victim's browser. Recommendation Upgrade to versi...
iobroker.web Cross-Site Scripting Vulnerability
iobroker.web is a Node.js based web server for reading files from ioBroker DB. A cross-site scripting vulnerability exists in iobroker.web. The vulnerability stems from the WEB application's lack of proper validation of client-side data. An attacker can exploit the vulnerability to execute...
Cross-site Scripting (XSS)
Overview iobroker.web is a Web server on the base of Node.js and express to read the files from ioBroker DB. Affected versions of this package are vulnerable to Cross-site Scripting XSS. Characters in the GET url path are not properly escaped and can be reflected in the server response. Details...