3 matches found
CVE-2021-3223
CVE-2021-3223 affects Node-RED-Dashboard prior to 2.26.2. A local file inclusion vulnerability arises from directory traversal in ui_base/js/..%2f, allowing an attacker to read files on the server. This is described across multiple sources (NVD entry references LFI with CVSS v3.1 base score 7.5; ...
CVE-2022-3783
The CVE-2022-3783 issue affects node-red-dashboard, specifically the ui_text Format Handler’s file components/ui-component/ui-component-ctrl.js. The vulnerability enables cross-site scripting (XSS) and could be exploited remotely. Public references indicate a patch exists (patch SHA 9305d1a82f19b...
CVE-2019-10756
CVE-2019-10756 affects node-red-dashboard prior to version 2.17.0 where the ui_notification node accepts raw HTML by default, enabling JavaScript injection and thus cross-site scripting (XSS). The vulnerability stems from the ability to inject script through the notification UI component, as conf...