node-red prior to 0.20.8are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize the
Upgrade to version 0.18.6 or later.
publishedAdvisory PublishedJan 30th, 2020
reportedReported by Vineet Kumar PandeyJan 17th, 2020