Cross-Site Scripting in iobroker.web

Versions of iobroker.web prior to 2.4.10 are vulnerable to Cross-Site Scripting. The package fails to escape URL parameters that may be reflected in the server response. This can be used by attackers to execute arbitrary JavaScript in the victim's browser.

Recommendation

Upgrade to version 2.4.10 or later.

References

Reviewed Dec 2, 2019

Published to the GitHub Advisory Database Dec 2, 2019

Last updated Jan 9, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Package

Affected versions

Patched versions

Description

Recommendation

References

Severity

CVSS base metrics

Weaknesses

CVE ID

GHSA ID

Source code