Gowri Aradhya

**Name of the Vulnerable Software and Affected Versions** node-red-dashboard versions prior to 3.2.0 **Description** A cross-site scripting issue has been found in the node-red-dashboard, affecting the ui text Format Handler component, specifically in the file components/ui-component/ui-component-ctrl.js. This issue can be exploited remotely, leading to cross-site scripting. The attack may be initiated remotely. **Recommendations** For versions prior to 3.2.0, it is recommended to update to version 3.2.0 or later to fix this issue. As a temporary workaround, consider restricting access to the ui text Format Handler component until a patch is applied.