0.001 Low
EPSS
Percentile
25.0%
node-red is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary Javascript into a user’s browser via the name field when renaming a flow in the Workspace dialog.
name
discourse.nodered.org/t/node-red-0-20-8-released/15192
hackerone.com/reports/681986