CVE-2016-10537

Опубликовано: 31 мая 2018

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

backbone is a module that adds in structure to a JavaScript heavy application through key-value pairs and custom events connecting to your RESTful API through JSON There exists a potential Cross Site Scripting vulnerability in the Model#Escape function of backbone 0.3.3 and earlier, if a user is able to supply input. This is due to the regex that's replacing things to miss the conversion of things such as < to <.

Ссылки

https://github.com/jashkenas/backbone/compare/0.3.3...0.5.0#diff-0d56d0d310de7ff18b3cef9c2f8f75dcL1008
Issue Tracking
Third Party Advisory
https://nodesecurity.io/advisories/108
Third Party Advisory
https://github.com/jashkenas/backbone/compare/0.3.3...0.5.0#diff-0d56d0d310de7ff18b3cef9c2f8f75dcL1008
Issue Tracking
Third Party Advisory
https://nodesecurity.io/advisories/108
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:backbone_project:backbone:*:*:*:*:*:node.js:*:*

Версия до 0.3.3 (включая)

EPSS

Процентиль: 41%

0.00191

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2016-10537

CVSS3: 5.4

ubuntu

больше 7 лет назад

backbone is a module that adds in structure to a JavaScript heavy application through key-value pairs and custom events connecting to your RESTful API through JSON There exists a potential Cross Site Scripting vulnerability in the `Model#Escape` function of backbone 0.3.3 and earlier, if a user is able to supply input. This is due to the regex that's replacing things to miss the conversion of things such as `<` to `<`.

CVE-2016-10537

CVSS3: 5.4

debian

больше 7 лет назад

backbone is a module that adds in structure to a JavaScript heavy appl ...

GHSA-j6p2-cx3w-6jcp

CVSS3: 5.4

github

почти 7 лет назад

Cross-Site Scripting in backbone

EPSS

Процентиль: 41%

0.00191

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79