Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZyamMtNHB3ci0zdnA3
Cross-Site Scripting in iobroker.web
Versions of iobroker.web prior to 2.4.10 are vulnerable to Cross-Site Scripting. The package fails to escape URL parameters that may be reflected in the server response. This can be used by attackers to execute arbitrary JavaScript in the victim's browser.
Recommendation
Upgrade to version 2.4.10 or later.
Permalink: https://github.com/advisories/GHSA-6rjc-4pwr-3vp7JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZyamMtNHB3ci0zdnA3
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 4 years ago
Updated: over 1 year ago
CVSS Score: 6.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Identifiers: GHSA-6rjc-4pwr-3vp7, CVE-2019-10771
References:
- https://nvd.nist.gov/vuln/detail/CVE-2019-10771
- https://snyk.io/vuln/SNYK-JS-IOBROKERWEB-534971
- https://www.npmjs.com/advisories/1345
- https://github.com/advisories/GHSA-6rjc-4pwr-3vp7
Affected Packages
npm:iobroker.web
Dependent packages: 8Dependent repositories: 5
Downloads: 19,632 last month
Affected Version Ranges: < 2.4.10
Fixed in: 2.4.10
All affected versions: 0.1.7, 0.1.8, 0.1.9, 0.1.10, 0.1.11, 0.1.12, 0.2.0, 0.2.1, 0.2.2, 0.2.3, 0.2.4, 0.2.5, 0.2.6, 0.3.0, 0.3.1, 0.4.1, 0.4.2, 0.4.3, 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.1.1, 1.2.0, 1.2.1, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.3.5, 1.4.1, 1.4.2, 1.4.3, 1.4.5, 1.4.6, 1.4.7, 1.4.8, 1.5.1, 1.5.3, 1.7.0, 1.7.1, 1.7.2, 1.7.4, 1.7.5, 1.7.6, 1.7.7, 2.0.0, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.1.3, 2.1.4, 2.1.6, 2.1.7, 2.1.8, 2.1.9, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.4.0, 2.4.1, 2.4.4, 2.4.5, 2.4.6, 2.4.8, 2.4.9
All unaffected versions: 2.4.10, 3.0.0, 3.0.1, 3.0.2, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, 3.0.12, 3.0.13, 3.0.14, 3.1.0, 3.1.1, 3.2.0, 3.2.3, 3.3.0, 3.4.0, 3.4.1, 3.4.2, 3.4.3, 3.4.4, 3.4.5, 3.4.6, 3.4.7, 3.4.8, 3.4.9, 3.4.10, 3.4.11, 3.4.12, 3.4.13, 3.4.14, 3.4.15, 3.4.16, 4.0.0, 4.0.1, 4.1.0, 4.1.1, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.2.0, 4.2.1, 4.2.3, 4.3.0, 5.0.0, 5.0.1, 5.0.3, 5.1.0, 5.1.1, 5.1.2, 5.2.0, 5.2.1, 5.2.2, 5.2.3, 5.2.4, 5.2.5, 5.2.8, 5.2.9, 5.2.10, 5.2.12, 5.3.0, 5.3.1, 5.4.0, 5.4.1, 5.4.3, 5.5.0, 5.5.1, 5.5.2, 5.5.3, 6.0.3, 6.1.0, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6, 6.1.7, 6.1.10, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5