Описание
The handlebars package before 4.0.0 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| mustache.js | unfixed | package |
Примечания
node-handlebars only in experimental for now, fixed in 4.0.0
libv8 is not covered by security support
Связанные уязвимости
CVSS3: 6.1
ubuntu
около 9 лет назад
The handlebars package before 4.0.0 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted.
CVSS3: 6.1
nvd
около 9 лет назад
The handlebars package before 4.0.0 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted.
