CVE-2019-10756

描述

It is possible to inject JavaScript within node-red-dashboard versions prior to version 2.17.0 due to the ui_notification node accepting raw HTML by default.

受影響套件(1)

• npm/node-red-dashboardfrom 0, < 2.17.0

CVSS 分數

參考連結(2)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-10756
• WEBhttps://snyk.io/vuln/SNYK-JS-NODEREDDASHBOARD-471939