Lucene search
China National Vulnerability DatabaseCNVD-2022-55059HistoryApr 08, 2022 - 12:00 a.m.
edge.js cross-site scripting vulnerability
2022-04-0800:00:00
China National Vulnerability Database
www.cnvd.org.cn
5
0.001 Low
EPSS
Percentile
31.2%
edge.js is the Node.js template engine. edges.js versions prior to 5.3.2 have a cross-site scripting vulnerability that stems from a type obfuscation vulnerability that can be exploited to bypass input cleanup when the input to be rendered is an array, even if {{ }} is used, and can be used by attackers to launch cross-site scripting attacks.
| CPE | Name | Operator | Version |
|---|---|---|---|
| edge.js edge.js | lt | 5.3.2 |
Related
cve
cve
CVE-2021-23443
2021-09-21 17:15:09
osv
osv
CVE-2021-23443
2021-09-21 17:15:09
Cross-site Scripting in edge.js
2021-09-22 20:36:46
cvelist
cvelist
CVE-2021-23443 Cross-site Scripting (XSS)
2021-09-21 00:00:00
nvd
nvd
CVE-2021-23443
2021-09-21 17:15:09
veracode
veracode
Cross-Site Scripting (XSS)
2021-09-22 07:11:21
github
github
Cross-site Scripting in edge.js
2021-09-22 20:36:46
prion
prion
Type confusion
2021-09-21 17:15:00