Description

The web application exposes Node.js Inspector port. It's not recommended to have Node.js Inspector service publicly accessible as the debugger has full access to the Node.js execution environment and an attacker may be able to execute arbitrary javascript code.

Remediation

Disable Inspector or restrict access to it

References

Debugging Guide

Related Vulnerabilities

JBoss JMX management console

WordPress Plugin WP Easy full backup Information Disclosure (1.4)

WordPress Plugin Formidable Forms-Contact Form, Survey, Quiz, Calculator & Custom Form Builder Multiple Vulnerabilities (2.05.01)

Twisted Web HTTP Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2022-21712)

WordPress Plugin Organizer Multiple Cross-Site Scripting and Information Disclosure Vulnerabilities (1.2.1)

Severity

High

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Configuration Code Execution