Skip to main content

Node Red Dashboard

3 CVEs product

Monthly

CVE-2022-3783 npm MEDIUM POC PATCH This Month

A vulnerability, which was classified as problematic, has been found in node-red-dashboard.js of the component ui_text Format Handler. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Node Red Dashboard
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-3223 npm HIGH POC PATCH THREAT This Week

Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory traversal to read files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Node Red Dashboard
NVD GitHub
CVSS 3.1
7.5
EPSS
18.5%
CVE-2019-10756 npm MEDIUM POC PATCH This Month

It is possible to inject JavaScript within node-red-dashboard versions prior to version 2.17.0 due to the ui_notification node accepting raw HTML by default. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Node Red Dashboard
NVD
CVSS 3.1
5.4
EPSS
0.6%
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

A vulnerability, which was classified as problematic, has been found in node-red-dashboard.js of the component ui_text Format Handler. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Node Red Dashboard
NVD GitHub VulDB
EPSS 19% CVSS 7.5
HIGH POC PATCH THREAT This Week

Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory traversal to read files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Node Red Dashboard
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

It is possible to inject JavaScript within node-red-dashboard versions prior to version 2.17.0 due to the ui_notification node accepting raw HTML by default. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Node Red Dashboard
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy