Description
A stored XSS vulnerability is present in the node-red npm package (versions <= 0.20.7), a visual tool for wiring the Internet of Things. The issue allows an attacker to steal session cookies, deface web applications, etc.
Remediation
References
https://hackerone.com/reports/681986
Related Vulnerabilities
CVE-2020-28276 Vulnerability in npm package deep-set
CVE-2022-24846 Vulnerability in maven package org.geowebcache:gwc-diskquota-jdbc
CVE-2023-46498 Vulnerability in npm package @evershop/evershop
CVE-2018-1999020 Vulnerability in maven package org.onosproject:onos-core-common
CVE-2020-7712 Vulnerability in maven package org.webjars.npm:json