CVE-2019-15607

CVE-2019-15607

Vendor N/A
Product node-red
Weakness CWE-79 · XSS
Published January 28, 2020
Last update August 5, 2024
View on NVD All CVEs

CVSS base score

What the vulnerability does

01Description

A stored XSS vulnerability is present within node-red (version: <= 0.20.7) npm package, which is a visual tool for wiring the Internet of Things. This issue will allow the attacker to steal session cookies, deface web applications, etc.

Key dates

02Disclosure timeline

January 28, 2020 CVE published
August 5, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-2337 Easy Testimonials <= 3.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2022-2628 DSGVO All in one for WP < 4.2 - Admin+ Stored Cross-Site Scripting CVE-2025-58353 Promptcraft Forge Studio: Complete Sanitizer Bypass Enables XSS via Overlapping Patterns CVE-2025-3385 LinZhaoguan pb-cms Classification Management Page cross site scripting CVE-2025-13463 Bold Page Builder <= 5.5.3 - Authenticated (Author+) Stored DOM-based Cross-Site Scripting in Post Grid