edge.js is the Node.js template engine. edges.js versions prior to 5.3.2 have a cross-site scripting vulnerability that stems from a type obfuscation vulnerability that can be exploited to bypass input cleanup when the input to be rendered is an array, even if {{ }} is used, and can be used by attackers to launch cross-site scripting attacks.
CPE | Name | Operator | Version |
---|---|---|---|
edge.js edge.js | lt | 5.3.2 |