Reflected Cross-Site Scripting in redis-commander
Affected versions of redis-commander contain a cross-site scripting vulnerability in the highlighterId paramter of the clipboard.swf component on hosts serving Redis Commander.
Advisories for Npm/Redis-Commander package
2020
2018
Reflected Cross-Site Scripting
Malicious input in the highlighterId parameter of the clipboard.swf component can be leveraged in a reflected XSS on hosts serving Redis Commander. Mitigating factors: Flash must be installed/enabled for this to work.