CVE-2022-3783
Published 2022-10-31
Priority: P4, 28, medium, 6.1 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.60% (44.2th percentile)
A vulnerability, which was classified as problematic, has been found in node-red-dashboard. This issue affects some unknown processing of the file components/ui-component/ui-component-ctrl.js of the component ui_text Format Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 9305d1a82f19b235dfad24a7d1dd4ed244db7743. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212555.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nodered | node-red-dashboard | < 3.2.0 | 3.2.0 |
| nodered | node-red-dashboard | >= 0 < 3.2.0 | 3.2.0 |
GHSA
node-red-dashboard vulnerable to Cross-site Scripting
ghsa·2022-11-01
CVE-2022-3783 [MEDIUM] CWE-79 node-red-dashboard vulnerable to Cross-site Scripting
node-red-dashboard contains a cross-site scripting vulnerability. This issue affects some unknown processing of the file `components/ui-component/ui-component-ctrl.js` of the component ui_text Format Handler. The attack may be initiated remotely. The issue is patched in version 3.2.0.
OSV
node-red-dashboard vulnerable to Cross-site Scripting
osv·2022-11-01
CVE-2022-3783 [MEDIUM] node-red-dashboard vulnerable to Cross-site Scripting
node-red-dashboard contains a cross-site scripting vulnerability. This issue affects some unknown processing of the file `components/ui-component/ui-component-ctrl.js` of the component ui_text Format Handler. The attack may be initiated remotely. The issue is patched in version 3.2.0.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/node-red/node-red-dashboard/commit/9305d1a82f19b235dfad24a7d1dd4ed244db7743
https://github.com/node-red/node-red-dashboard/issues/772
https://vuldb.com/?id.212555
2022-10-31
Published