6.5 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
24.8%
It is possible to inject JavaScript within node-red-dashboard versions prior to version 2.17.0 due to the ui_notification node accepting raw HTML by default.
snyk.io/vuln/SNYK-JS-NODEREDDASHBOARD-471939