CVE-2022-3783
LOWnode-red-dashboard < 3.2.0 - Cross-Site Scripting in ui_text Format Handler
Title source: llmDescription
A vulnerability, which was classified as problematic, has been found in node-red-dashboard. This issue affects some unknown processing of the file components/ui-component/ui-component-ctrl.js of the component ui_text Format Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 9305d1a82f19b235dfad24a7d1dd4ed244db7743. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212555.
References (3)
Core 3
Core References
Patch, Third Party Advisory
https://github.com/node-red/node-red-dashboard/commit/9305d1a82f19b235dfad24a7d1dd4ed244db7743
Exploit, Issue Tracking, Third Party Advisory
https://github.com/node-red/node-red-dashboard/issues/772
Permissions Required, Third Party Advisory, VDB Entry
https://vuldb.com/?id.212555
Scores
CVSS v3
3.5
EPSS
0.0060
EPSS Percentile
43.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
CWE-707
Status
published
Products (2)
nodered/node-red-dashboard
< 3.2.0
npm/node-red-dashboard
0 - 3.2.0npm
Published
Oct 31, 2022
Tracked Since
Feb 18, 2026