GHSA-6rjc-4pwr-3vp7

Source

https://github.com/advisories/GHSA-6rjc-4pwr-3vp7

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/12/GHSA-6rjc-4pwr-3vp7/GHSA-6rjc-4pwr-3vp7.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-6rjc-4pwr-3vp7

Aliases

CVE-2019-10771

Published

2019-12-02T18:14:30Z

Modified

2026-03-13T22:11:06.874886Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Cross-Site Scripting in iobroker.web

Details

Versions of iobroker.web prior to 2.4.10 are vulnerable to Cross-Site Scripting. The package fails to escape URL parameters that may be reflected in the server response. This can be used by attackers to execute arbitrary JavaScript in the victim's browser.

Recommendation

Upgrade to version 2.4.10 or later.

Database specific

{
    "github_reviewed": true,
    "github_reviewed_at": "2019-12-02T01:13:05Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "nvd_published_at": null
}

References

Affected packages

npm / iobroker.web

Package

Name: iobroker.web; View open source insights on deps.dev
Purl: pkg:npm/iobroker.web

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.10

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/12/GHSA-6rjc-4pwr-3vp7/GHSA-6rjc-4pwr-3vp7.json"