Node Red Dashboard
CVE-2022-3783
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
A vulnerability, which was classified as problematic, has been found in node-red-dashboard. This issue affects some unknown processing of the file components/ui-component/ui-component-ctrl.js of the component ui_text Format Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 9305d1a82f19b235dfad24a7d1dd4ed244db7743. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212555.
AnalysisAI
A vulnerability, which was classified as problematic, has been found in node-red-dashboard.js of the component ui_text Format Handler. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified under CWE-707. A vulnerability, which was classified as problematic, has been found in node-red-dashboard.js of the component ui_text Format Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 9305d1a82f19b235dfad24a7d1dd4ed244db7743. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212555. Affected products include: Nodered Node-Red-Dashboard.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Node Red Dashboard
View allNode-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory traversal to read files. Rated high severity (CVSS 7.
It is possible to inject JavaScript within node-red-dashboard versions prior to version 2.17.0 due to the ui_notificatio
Same weakness CWE-707 – Improper Neutralization
View allShare
External POC / Exploit Code
Leaving vuln.today