Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS) node-red is a visual tool for Internet of Things. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). `node-red` has flows to demonstrate the Inject, Debug and Function nodes and multiple flows can be defined. When renaming the flow - malicious javascript can be inserted into the `Name` field. How to fix Cross-site Scripting (XSS)? Upgrade `node-red` to version 0.20.7 or higher.	<0.20.7
H Cross-site Scripting (XSS) `node-red` is a visual tool for wiring the Internet of Things. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) attacks. How to fix Cross-site Scripting (XSS)? Upgrade `node-red` to version 0.18.6 or higher.	<0.18.6

Cross-site Scripting (XSS)

node-red is a visual tool for Internet of Things.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS). node-red has flows to demonstrate the Inject, Debug and Function nodes and multiple flows can be defined. When renaming the flow - malicious javascript can be inserted into the Name field.

How to fix Cross-site Scripting (XSS)?

Upgrade node-red to version 0.20.7 or higher.

<0.20.7

Cross-site Scripting (XSS)

node-red is a visual tool for wiring the Internet of Things.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) attacks.

How to fix Cross-site Scripting (XSS)?

Upgrade node-red to version 0.18.6 or higher.

<0.18.6

Go back to all versions of this package