CVE-2022-3783

low-risk
Published 2022-10-31

A vulnerability, which was classified as problematic, has been found in node-red-dashboard. This issue affects some unknown processing of the file components/ui-component/ui-component-ctrl.js of the component ui_text Format Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 9305d1a82f19b235dfad24a7d1dd4ed244db7743. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212555.

Do I need to act?

-
0.30% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
3
CVSS 3.5/10 Low
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Nodered

References (6)

Patch https://github.com/node-red/node-red-dashboard/commit/9305d1a82f19b235dfad24a7d1...
Exploit https://github.com/node-red/node-red-dashboard/issues/772
Permissions Required https://vuldb.com/?id.212555
Patch https://github.com/node-red/node-red-dashboard/commit/9305d1a82f19b235dfad24a7d1...
Exploit https://github.com/node-red/node-red-dashboard/issues/772
Permissions Required https://vuldb.com/?id.212555
22
/ 100
low-risk
Severity 16/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal