CVE-2019-15607: Cross-site Scripting

January 28, 2020 (updated January 29, 2020)

A stored XSS vulnerability is present within the node-red npm package, which is a visual tool for wiring the Internet of Things. This issue will allow the attacker to steal session cookies, deface web applications, etc.

References

hackerone.com/reports/681986
nvd.nist.gov/vuln/detail/CVE-2019-15607

Detect and mitigate CVE-2019-15607 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →