0.001 Low
EPSS
Percentile
25.0%
node-red-dashboard is vulnerable to cross-site scripting (XSS). The vulnerability exists as the ui_notification node accepts raw HTML code by default.
github.com/node-red/node-red-dashboard/commit/870382792f679b0a6bbf45b29ca7f6428e51623b