Описание
mustache package before 2.2.1 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| mustache.js | unfixed | package |
Примечания
node-handlebars only in experimental for now, fixed in 4.0.0
libv8 is not covered by security support
EPSS
Процентиль: 40%
0.0018
Низкий
Связанные уязвимости
CVSS3: 6.1
ubuntu
около 9 лет назад
mustache package before 2.2.1 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted.
CVSS3: 6.1
nvd
около 9 лет назад
mustache package before 2.2.1 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted.
EPSS
Процентиль: 40%
0.0018
Низкий