A stored XSS vulnerability is present within node-red (version: <= 0.20.7) npm package, which is a visual tool for wiring the Internet of Things. This issue will allow the attacker to steal session cookies, deface web applications, etc.
{
"source": "CPE_RANGE",
"cpe": "cpe:2.3:a:nodered:node-red:*:*:*:*:*:node.js:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "0.20.7"
}
]
}