PT-2019-12042 · Iobroker · Iobroker.Web
Published 2019-11-25 · Updated 2019-12-04 · CVE-2019-10771
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
iobroker.web versions prior to 2.4.10
Description
Characters in the GET URL path are not properly escaped and can be reflected in the server response. This can lead to Cross-Site Scripting: an attacker can execute arbitrary JavaScript in the victim's browser by exploiting the failure to escape URL parameters.
Recommendations
Upgrade to version 2.4.10 or later.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Iobroker.Web