CVE-2019-10771
Cross-Site Scripting in iobroker.web
6.1
MEDIUM
CVSS 3.1
EPSS 0.24%
Description
Versions of `iobroker.web` prior to 2.4.10 are vulnerable to Cross-Site Scripting. The package fails to escape URL parameters that may be reflected in the server response. This can be used by attackers to execute arbitrary JavaScript in the victim's browser. ## Recommendation Upgrade to version 2.4.10 or later.
How to fix CVE-2019-10771
To remediate CVE-2019-10771, upgrade the affected package to a fixed version below.
- —upgrade to 2.4.10 or later
Is CVE-2019-10771 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.4.10
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |