253 matches found
CVE-2022-3783
A vulnerability, which was classified as problematic, has been found in node-red-dashboard. This issue affects some unknown processing of the file components/ui-component/ui-component-ctrl.js of the component ui_text Format Handler. The manipulation leads to cross site scripting. The attack may be...
Cross site scripting
A vulnerability, which was classified as problematic, has been found in node-red-dashboard. This issue affects some unknown processing of the file components/ui-component/ui-component-ctrl.js of the component ui_text Format Handler. The manipulation leads to cross site scripting. The attack may be...
node-red-dashboard cross-site scripting vulnerability
node-red-dashboard is a package for quickly creating real-time data dashboards. A security vulnerability exists in node-red-dashboard that stems from some unknown processing in the components/ui-component/ui-component-ctrl.js file in the component ui_text Format Handler being affected, which could...
CVE-2022-3783
The CVE-2022-3783 issue affects node-red-dashboard, specifically the ui_text Format Handler’s file components/ui-component/ui-component-ctrl.js. The vulnerability enables cross-site scripting (XSS) and could be exploited remotely. Public references indicate a patch exists (patch SHA 9305d1a82f19b...
CVE-2022-3783 node-red-dashboard ui_text Format ui-component-ctrl.js cross site scripting
A vulnerability, which was classified as problematic, has been found in node-red-dashboard. This issue affects some unknown processing of the file components/ui-component/ui-component-ctrl.js of the component ui_text Format Handler. The manipulation leads to cross site scripting. The attack may be...
PT-2022-24104 · Node Red · Node-Red-Dashboard
Name of the Vulnerable Software and Affected Versions: node-red-dashboard versions prior to 3.2.0 Description: A cross-site scripting issue has been found in the node-red-dashboard, affecting the ui text Format Handler component, specifically in the file...
Malicious Package
Overview node-red-contrib-aws-stream-manager is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerab...
@dolittle/node-red (>=2.0.0 <=2.2.5), @dolittle/node-red-infor-m3 (>=2.0.1 <=2.1.5) +50 more potentially affected by CVE-2019-10062 via aurelia-framework (>=1.0.0 <=1.3.1)
aurelia-framework NPM version =1.0.0, =2.0.0, =2.0.1, =1.2.1, =1.0.0, =0.1.9, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.11 and more Source cves: CVE-2019-10062 Source advisory: OSV:GHSA-M6J2-V3GQ-45R5...
Arbitrary file read vulnerability exists in Node-RED (CNVD-2021-54086)
Node-RED is a tool for building Internet of Things (IoT) applications that focuses on simplifying the "connectivity" of code blocks to perform tasks. Node-RED suffers from an arbitrary file read vulnerability that can be exploited by an attacker to obtain sensitive information...
Arbitrary File Read Vulnerability in Node-RED
Node-RED is a programming tool for connecting hardware devices, APIs and online services together in new and interesting ways. It provides a browser-based editor that makes it easy to connect streams together using a palette of various nodes that can be deployed and put into operation with a sing...
Node-RED-Dashboard arbitrary file read vulnerability (CVE-2021-3223)
...
CommScope Ruckus IoT Controller buffer error vulnerability
The CommScope Ruckus IoT Controller is an IoT controller from CommScope, Inc., a virtual controller that integrates with the SmartZone controller to perform connectivity, device and security management functions for non-Wi-Fi devices. A buffer error vulnerability exists in the node-red...
CommScope Ruckus IoT Controller 1.7.1.0 Web Application Arbitrary Read/Write
KL-001-2021-006: CommScope Ruckus IoT Controller Web Application Arbitrary Read/Write Title: CommScope Ruckus IoT Controller Web Application Arbitrary Read/Write Advisory ID: KL-001-2021-006 Publication Date: 2021.05.26 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2021-006.t...
CommScope Ruckus IoT Controller 1.7.1.0 Web Application Arbitrary Read/Write Vulnerability
The IoT Controller web application includes a NodeJS module, node-red, which has the capability for users to read or write to local files on the IoT Controller. With the elevated privileges the web application runs as, this allowed for reading and writing to any file on the IoT Controller...
@chat21/chat21-server (>=0.1.0 <=0.2.54), @coaty/core (>=2.0.0 <=2.0.1) +21 more potentially affected by CVE-2020-13410 via aedes (>=0.11.1 <=0.41.0)
aedes NPM version =0.11.1, =0.1.0, =2.0.0, =2.0.101, =0.0.6, =1.6.0, =1.0.0, =0.1.0, =0.4.9-v, =0.0.1, =0.5.1, =0.0.1, =2.2.7, =1.0.2, =0.2.0, =0.2.1 and more Source cves: CVE-2020-13410 Source advisory: OSV:GHSA-GH78-48H3-FRJQ...
active-window-listener (>=1.1.0 <=1.1.1), node-red-contrib-writeexif (>=0.0.1 <=1.0.1) +3 more potentially affected by unknown CVE via exiftool-vendored (>=11.5.0 <=14.0.0)
exiftool-vendored NPM version =11.5.0, =1.1.0, =0.0.1, =1.4.2, =2.0.0, =0.4.0, =2.0.1 Source cves: unknown CVE Source advisory: OSV:GHSA-4WHQ-R978-2X68...
Path Traversal in node-red-contrib-huemagic
node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Directory Traversal in the res.sendFile API, used in file hue-magic.js, to fetch an arbitrary file...
GHSA-FRPW-JRWX-HCFV Path Traversal in node-red-contrib-huemagic
node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Directory Traversal in the res.sendFile API, used in file hue-magic.js, to fetch an arbitrary file...