Node RED Dashboard <2.26.2 - Local File Inclusion

NodeRED-Dashboard before 2.26.2 is vulnerable to local file inclusion because it allows uibase/js/..%2f directory traversal to read files. id: CVE-2021-3223 info: name: Node RED Dashboard 2.26.2 - Local File Inclusion author: gy741,pikpikcu severity: high description: NodeRED-Dashboard before...

EUVD-2019-0719

Malware in sbrugna...

EUVD-2022-7442

Malicious code in bioql PyPI...

CVE-2022-3783

A vulnerability, which was classified as problematic, has been found in node-red-dashboard. This issue affects some unknown processing of the file components/ui-component/ui-component-ctrl.js of the component uitext Format Handler. The manipulation leads to cross site scripting. The attack may be...

CVE-2021-3223

Node-RED-Dashboard before 2.26.2 allows uibase/js/..%2f directory traversal to read files...

CVE-2019-10756

It is possible to inject JavaScript within node-red-dashboard versions prior to version 2.17.0 due to the uinotification node accepting raw HTML by default...

VulnCheck KEV: CVE-2021-3223

Node-RED-Dashboard before 2.26.2 allows uibase/js/..%2f directory traversal to read files...

@automatacontrols/automata-thermostat (>=1.0.7 <=1.0.12), @clysema/node-red-contrib-ui-week-schedule (>=0.1.0 <=0.1.4) +30 more potentially affected by CVE-2022-3783 via node-red-dashboard (>=2.13.2 <=3.1.7)

node-red-dashboard NPM version =2.13.2, =1.0.7, =0.1.0, =0.0.1, =1.0.0, =2.0.0, =0.3.0, =0.0.5, =1.0.5-alpha.11, =2.5.0, =0.0.3, =1.2.0, =0.5.1, =0.8.0 - mtr-dashboard =0.0.1 and more Source cves: CVE-2022-3783 Source advisory: OSV:GHSA-VRV9-3X3W-FFXW...

GHSA-VRV9-3X3W-FFXW node-red-dashboard vulnerable to Cross-site Scripting

node-red-dashboard contains a cross-site scripting vulnerability. This issue affects some unknown processing of the file components/ui-component/ui-component-ctrl.js of the component uitext Format Handler. The attack may be initiated remotely. The issue is patched in version 3.2.0...

node-red-dashboard vulnerable to Cross-site Scripting

node-red-dashboard contains a cross-site scripting vulnerability. This issue affects some unknown processing of the file components/ui-component/ui-component-ctrl.js of the component uitext Format Handler. The attack may be initiated remotely. The issue is patched in version 3.2.0...

CVE-2022-3783

A vulnerability, which was classified as problematic, has been found in node-red-dashboard. This issue affects some unknown processing of the file components/ui-component/ui-component-ctrl.js of the component uitext Format Handler. The manipulation leads to cross site scripting. The attack may be...

Cross site scripting

A vulnerability, which was classified as problematic, has been found in node-red-dashboard. This issue affects some unknown processing of the file components/ui-component/ui-component-ctrl.js of the component uitext Format Handler. The manipulation leads to cross site scripting. The attack may be...

node-red-dashboard 跨站脚本漏洞

node-red-dashboard is a package for quickly creating real-time data dashboards. A security vulnerability exists in node-red-dashboard that stems from some unknown processing in the components/ui-component/ui-component-ctrl.js file in the component uitext Format Handler being affected, which could...

CVE-2022-3783 node-red-dashboard ui_text Format ui-component-ctrl.js cross site scripting

A vulnerability, which was classified as problematic, has been found in node-red-dashboard. This issue affects some unknown processing of the file components/ui-component/ui-component-ctrl.js of the component uitext Format Handler. The manipulation leads to cross site scripting. The attack may be...

CVE-2022-3783

The CVE-2022-3783 issue affects node-red-dashboard, specifically the ui_text Format Handler’s file components/ui-component/ui-component-ctrl.js. The vulnerability enables cross-site scripting (XSS) and could be exploited remotely. Public references indicate a patch exists (patch SHA 9305d1a82f19b...

PT-2022-24104 · Node Red · Node-Red-Dashboard

Name of the Vulnerable Software and Affected Versions: node-red-dashboard versions prior to 3.2.0 Description: A cross-site scripting issue has been found in the node-red-dashboard, affecting the ui text Format Handler component, specifically in the file...

CVE-2022-3783 node-red-dashboard ui_text Format ui-component-ctrl.js cross site scripting

A vulnerability, which was classified as problematic, has been found in node-red-dashboard. This issue affects some unknown processing of the file components/ui-component/ui-component-ctrl.js of the component uitext Format Handler. The manipulation leads to cross site scripting. The attack may be...

Path Traversal

Overview In Node-RED-Dashboard before 2.26.2 there is a path traversal vulnerability. In /nodes/uibase.js, the URL is matched with '/uibase/js/' and then passed to path.join. The lack of verification of the final path leads to a path traversal vulnerability. Recommendation Upgrade to fix version...

GHSA-2HW7-MXVJ-M455 Path traversal in Node-RED-Dashboard

In Node-RED-Dashboard before 2.26.2 there is a path traversal vulnerability. It allows uibase/js/..%2f directory traversal to read files...

@ia-cloud/node-red-contrib-ia-cloud-dashboard (>=0.0.1 <=0.1.4), @ia-cloud/node-red-dashboard-2-ia-cloud (>=1.0.0 <=1.0.1) +1 more potentially affected by CVE-2021-3223 via node-red-dashboard (>=2.13.2 <=2.17.0)

node-red-dashboard NPM version =2.13.2, =0.0.1, =1.0.0, =0.1.0, =0.3.0 Source cves: CVE-2021-3223 Source advisory: OSV:GHSA-2HW7-MXVJ-M455...