CVE-2022-3783

LOW

Nodered Node-red-dashboard < 3.2.0 - XSS

Title source: rule

Description

A vulnerability, which was classified as problematic, has been found in node-red-dashboard. This issue affects some unknown processing of the file components/ui-component/ui-component-ctrl.js of the component ui_text Format Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 9305d1a82f19b235dfad24a7d1dd4ed244db7743. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212555.

References (3)

[Patch, Third Party Advisory] https://github.com/node-red/node-red-dashboard/commit/9305d1a82f19b235dfad24a7d1dd4ed244db7743

View Patch ZIP pw:eip

[Exploit, Issue Tracking, Third Party Advisory] https://github.com/node-red/node-red-dashboard/issues/772

[Permissions Required, Third Party Advisory, VDB Entry] https://vuldb.com/?id.212555

Scores

CVSS v3 3.5

EPSS 0.0032

EPSS Percentile 54.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79 CWE-707

Status published

Products (2)

nodered/node-red-dashboard < 3.2.0

npm/node-red-dashboard 0 - 3.2.0npm

Published Oct 31, 2022

Tracked Since Feb 18, 2026