An issue exists in nos client version 0.6.6, allows remote malicious users to escalate privileges via getRPCEndpoint.js.
nos nos client 0.6.6