PT-2019-12042 · Iobroker · Iobroker.Web
Published: 2019-11-25 · Updated: 2019-12-04 · CVE-2019-10771
CVSS v3.1: 6.1 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
iobroker.web versions prior to 2.4.10
Description
Characters in the path of a GET request URL are not properly escaped before being reflected in the server response. This allows reflected Cross-Site Scripting: an attacker can execute arbitrary JavaScript in the victim's browser by exploiting the failure to escape URL parameters.
Recommendations
Upgrade to version 2.4.10 or later.
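The class of bug described above, as an added example that is not iobroker.web's own code: a hypothetical Node.js "not found" page that reflects the request path, first unescaped and then with the path HTML-escaped. All function names and the sample path are constructed for illustration.

```javascript
// Added illustration; not iobroker.web source code. All names are hypothetical.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can change the HTML parsing context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Decode the percent-encoded request path; a malformed sequence
// (URIError) falls back to the raw string instead of crashing the handler.
function decodePath(rawPath) {
  try {
    return decodeURIComponent(rawPath);
  } catch (err) {
    return rawPath;
  }
}

// Weak form: the decoded path is concatenated into the HTML body unchanged,
// so markup in the URL becomes markup in the page.
function notFoundBodyUnescaped(rawPath) {
  return '<html><body><p>File ' + decodePath(rawPath) + ' not found</p></body></html>';
}

// Corrected form: same page, path escaped before it reaches the HTML.
function notFoundBodyEscaped(rawPath) {
  return '<html><body><p>File ' + escapeHtml(decodePath(rawPath)) + ' not found</p></body></html>';
}

// Response headers that limit the impact if an escape is missed elsewhere.
function errorHeaders() {
  return {
    'Content-Type': 'text/html; charset=utf-8',
    'X-Content-Type-Options': 'nosniff',
    'Content-Security-Policy': "default-src 'none'",
  };
}

// Constructed sample request path carrying harmless markup.
const SAMPLE_PATH = '/%3Cb%3Emarker%3C%2Fb%3E';

console.log(notFoundBodyUnescaped(SAMPLE_PATH)); // markup survives into the page
console.log(notFoundBodyEscaped(SAMPLE_PATH));   // markup rendered as inert text
```

Escaping at the point of output is the fix for the reflected value; the restrictive headers are defence in depth for error pages that need no scripts or external resources.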
Fix
XSS
Weakness Enumeration
Related identifiers
Affected products
Iobroker.Web