Описание
Cross-Site Scripting in iobroker.web
Versions of iobroker.web prior to 2.4.10 are vulnerable to Cross-Site Scripting. The package fails to escape URL parameters that may be reflected in the server response. This can be used by attackers to execute arbitrary JavaScript in the victim's browser.
Recommendation
Upgrade to version 2.4.10 or later.
Пакеты
Наименование
iobroker.web
npm
Затронутые версииВерсия исправления
< 2.4.10
2.4.10
Связанные уязвимости
CVSS3: 6.1
nvd
около 6 лет назад
Characters in the GET url path are not properly escaped and can be reflected in the server response.