Count: 2
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2016-10547 Nunjucks is a full featured templating engine for JavaScript. Versions 2.4.2 and lower have a cross site scripting (XSS) vulnerability in autoescape mode. In autoescape mode, all template vars should automatically be escaped. By using an array for the keys, such as `name[]=<script>alert(1)</script>`, it is possible to bypass autoescaping and inject content into the DOM. | CVSS3: 6.1 | 0% Low | more than 7 years ago |
| GHSA-f7ph-p5rv-phw2 Cross-Site Scripting in nunjucks | | 0% Low | more than 7 years ago |