Lucene search
+L

EUVD-2018-0746

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType 
euvd
 euvd
🔗 euvd.enisa.europa.eu👁 5 Views

Nunjucks template engine versions 2.4.2 and lower have XSS vulnerability in autoescape mode.

Related
Affected
Refs
ReporterTitlePublishedViews
Family
circl
CVE-2016-10547
6 Nov 201823:13
circl
cve
CVE-2016-10547
31 May 201820:00
cve
cvelist
CVE-2016-10547
31 May 201820:00
cvelist
github
Cross-Site Scripting in nunjucks
6 Nov 201823:13
github
nodejs
Cross-Site Scripting
8 Sep 201614:56
nodejs
nvd
CVE-2016-10547
31 May 201820:29
nvd
osv
GHSA-F7PH-P5RV-PHW2 Cross-Site Scripting in nunjucks
6 Nov 201823:13
osv
prion
Cross site scripting
31 May 201820:29
prion
vulnersosv
3loc (>=0.2.0 <=0.4.0), @bb-cli/bb-doc (>=2.0.1-pr.1 <=2.0.1-pr.13) +255 more potentially affected by CVE-2016-10547 via nunjucks (>=0.1.10 <=2.4.2)
6 Nov 201823:13
vulnersosv
[
  {
    "enisaIdVendor": [
      {
        "id": "0a24dffe-b8a9-3a0c-9d18-a7939f8f2f1c",
        "vendor": {
          "name": "HackerOne"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "8201e9a8-99bf-3c6f-9000-55aedc7b6956",
        "product": {
          "name": "nunjucks node module"
        },
        "product_version": "≤2.4.2"
      }
    ]
  }
]

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

07 Oct 2025 00:30Current
6.2Medium risk
Vulners AI Score6.2
CVSS 36.1
CVSS 24.3
EPSS0.0144
5