Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Node\-Red\-Dashboard
(Nodered)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 3 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-10-31 | CVE-2022-3783 | A vulnerability, which was classified as problematic, has been found in node-red-dashboard. This issue affects some unknown processing of the file components/ui-component/ui-component-ctrl.js of the component ui_text Format Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 9305d1a82f19b235dfad24a7d1dd4ed244db7743. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212555. | Node\-Red\-Dashboard | 6.1 | ||
| 2021-01-26 | CVE-2021-3223 | Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory traversal to read files. | Node\-Red\-Dashboard | 7.5 | ||
| 2019-10-08 | CVE-2019-10756 | It is possible to inject JavaScript within node-red-dashboard versions prior to version 2.17.0 due to the ui_notification node accepting raw HTML by default. | Node\-Red\-Dashboard | N/A |