256 matches found
node-red-contrib-huemagic path traversal vulnerability
node-red-contrib-huemagic is a solution for Foddy Personal Developer. A path traversal vulnerability exists in node-red-contrib-huemagic 3.0.0, which can be exploited to obtain arbitrary files...
Node-RED-Dashboard Path Traversal Vulnerability
A path traversal vulnerability exists in Node-RED-Dashboard before 2.26.2, which can be exploited by an attacker to traverse paths...
Tree-Tracker - Auditing a Log Harvest using IOT Edge Connect and node-red
At long last, Blue Water Farm is generating revenue! Around 20 acres of our land consists of dense, mature hardwood of oak, maple, and beech, and we were able to contract to sell 65 maple and 25 oak trees to a logging company. I won't be retiring from Akamai any time soon from our logging windfal...
Tree-Tracker: Auditing a Log Harvest Using IoT Edge Connect and Node-Red
At long last, Blue Water Farm is generating revenue! Around 20 acres of our land consists of dense, mature hardwood of oak, maple, and beech, and we were able to contract to sell 65 maple and 25 oak trees to a logging company. I won't be retiring from Akamai any time soon from our logging windfal...
@homenet/core (>=4.0.0-beta.15 <=4.0.0-beta.42), @jatahworx/bhive-core (>=1.0.76 <=3.3.1) +29 more potentially affected by unknown CVE via node-red (>=0.10.10 <=0.18.3)
node-red NPM version =0.10.10, =4.0.0-beta.15, =1.0.76, =2.5.0, =0.0.1, =0.0.4, =0.0.0, =0.0.1, =0.1.2, =0.1.5, =1.0.0, =0.9.0, =1.1.0, =1.0.0, =1.0.1 and more. Source CVEs: unknown CVE. Source advisory: OSV:GHSA-5G6J-8HV4-VFGJ...
Cross-Site Scripting in node-red
Versions of node-red prior to 0.18.6 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize the name field in new items, allowing attackers to execute arbitrary JavaScript in the victim's browser. Recommendation: Upgrade to version 0.18.6 or later...
GHSA-5G6J-8HV4-VFGJ Cross-Site Scripting in node-red
Versions of node-red prior to 0.18.6 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize the name field in new items, allowing attackers to execute arbitrary JavaScript in the victim's browser. Recommendation: Upgrade to version 0.18.6 or later...
@activeledger/activecore (>=2.0.0-rc5 <=2.0.0-rc.8.0.6), @aktr/node-module-a (=1.0.1) +196 more potentially affected by unknown CVE via swagger-ui (>=2.0.17 <=3.20.7)
swagger-ui NPM version =2.0.17, =2.0.0-rc5, =1.4.0, =0.0.4, =1.0.2, =7.0.0, =1.3.0, =3.0.0-alpha.0, =0.7.2, =3.0.1, =2.0.0, =0.0.1, =0.2.1 and more. Source CVEs: unknown CVE. Source advisory: OSV:GHSA-4F9M-PXWH-68HG...
homestar-samsung-smart-tv (>=0.0.1 <=0.0.19), node-red-contrib-samsungtv (>=0.1.0 <=0.1.1) potentially affected by unknown CVE via samsung-remote (=1.2.5)
samsung-remote NPM version =1.2.5 is affected by a known vulnerability. The following packages have a transitive dependency on samsung-remote and may be impacted: homestar-samsung-smart-tv =0.0.1, =0.1.0, =0.1.1. Source CVEs: unknown CVE. Source advisory: OSV:GHSA-XHJX-MFR6-9RR4...
@csltech/strong-nginx-controller (>=1.0.2 <=1.0.3), @csltech/strong-pm (>=7.0.0 <=7.0.2) +56 more potentially affected by CVE-2016-1000226 via swagger-ui (>=2.0.17 <=2.1.8-M1)
swagger-ui NPM version =2.0.17, =1.0.2, =7.0.0, =3.0.1, =2.0.0, =1.0.1, =1.0.1, =2.8.29, =1.0.1, =5.0.232, =0.0.1, =0.4.1, =1.0.1, =0.0.1, =0.0.27, =0.1.9 and more. Source CVEs: CVE-2016-1000226. Source advisory: OSV:GHSA-7F59-X49P-V8MQ...
GHSA-8W65-XJC5-9W79 Cross-Site Scripting in node-red
Versions of node-red prior to 0.20.8 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize the name field in new Flows, allowing attackers to execute arbitrary JavaScript in the victim's browser. Recommendation: Upgrade to version 0.18.6 or later...
Cross-Site Scripting in node-red
Versions of node-red prior to 0.20.8 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize the name field in new Flows, allowing attackers to execute arbitrary JavaScript in the victim's browser. Recommendation: Upgrade to version 0.18.6 or later...
CVE-2019-15607
A stored XSS vulnerability is present within node-red version: = 0.20.7 npm package, which is a visual tool for wiring the Internet of Things. This issue will allow the attacker to steal session cookies, deface web applications, etc...
Cross site scripting
A stored XSS vulnerability is present within node-red version: = 0.20.7 npm package, which is a visual tool for wiring the Internet of Things. This issue will allow the attacker to steal session cookies, deface web applications, etc...
CVE-2019-15607
CVE-2019-15607 is a stored XSS vulnerability in the node-red npm package (versions
Cross-Site Scripting
Overview: Versions of node-red prior to 0.20.8 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize the name field in new Flows, allowing attackers to execute arbitrary JavaScript in the victim's browser. Recommendation: Upgrade to version 0.18.6 or later. References: HackerOne...
Cross-Site Scripting (XSS)
node-red is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a user's browser via the name field when renaming a flow in the Workspace dialog...
GHSA-XG59-M7WX-853Q Cross-site Scripting in node-red-dashboard
It is possible to inject JavaScript within node-red-dashboard versions prior to version 2.17.0 due to the uinotification node accepting raw HTML by default...