node-red-dashboard contains a cross-site scripting vulnerability. This issue affects some unknown processing of the file components/ui-component/ui-component-ctrl.js of the component ui_text Format Handler. The attack may be initiated remotely. The issue is patched in version 3.2.0.
GSA_kwCzR0hTQS12cnY5LTN4M3ctZmZ4d84AAvna
node-red-dashboard vulnerable to Cross-site Scripting
| Affected Packages | Affected Versions | Fixed Versions | |
|---|---|---|---|
|
npm:node-red-dashboard
PURL:
pkg:npm/node-red-dashboard
|
< 3.2.0 | 3.2.0 | |
Affected Version RangesAll affected versions2.0.0, 2.0.1, 2.0.2, 2.1.0, 2.2.0, 2.2.1, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.3.8, 2.3.9, 2.3.10, 2.3.11, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.5.0, 2.5.1, 2.6.0, 2.6.1, 2.6.2, 2.7.0, 2.8.0, 2.8.1, 2.8.2, 2.9.0, 2.9.1, 2.9.2, 2.9.3, 2.9.4, 2.9.5, 2.9.6, 2.9.7, 2.9.8, 2.10.0, 2.10.1, 2.11.0, 2.12.0, 2.12.1, 2.12.2, 2.13.0, 2.13.1, 2.13.2, 2.14.0, 2.15.0, 2.15.1, 2.15.2, 2.15.3, 2.15.4, 2.15.5, 2.16.0, 2.16.1, 2.16.2, 2.16.3, 2.17.0, 2.17.1, 2.18.0, 2.19.0, 2.19.1, 2.19.2, 2.19.3, 2.19.4, 2.20.0, 2.21.0, 2.22.0, 2.22.1, 2.23.0, 2.23.1, 2.23.2, 2.23.3, 2.23.4, 2.23.5, 2.24.0, 2.24.1, 2.24.1-beta, 2.24.2, 2.25.0, 2.26.0, 2.26.1, 2.26.2, 2.27.0, 2.28.0, 2.28.1, 2.28.2, 2.29.0, 2.29.1, 2.29.2, 2.29.3, 2.30.0, 3.0.0-beta, 3.0.1-beta, 3.0.2-beta, 3.0.3-beta, 3.0.4, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7 All unaffected versions3.2.0, 3.2.2, 3.2.3, 3.3.0, 3.3.1, 3.4.0, 3.5.0, 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.6.4, 3.6.5, 3.6.6 |
|||