Lucene search
K

386 matches found

Tenable Nessus
Tenable Nessus
added 2016/03/04 12:0 a.m.16 views

Fedora 22 : nodejs-handlebars-4.0.5-1.fc22 (2015-8b6882339c)

Security fix for nodejs-handlebars: mustache: handlebars: Quoteless Attributes in Templates can lead to Content Injection ---- New upstream release. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted t...

5.5AI score
Exploits0References2
RubySec
RubySec
added 2016/01/14 12:0 a.m.38 views

Ember.js XSS Vulnerability with User-Supplied JSON

By default, Ember will escape any values in Handlebars templates that use double curlies value. Developers can specifically opt out of this escaping behavior by passing an instance of SafeString rather than a raw string, which tells Ember that it should not escape the string because the developer...

6.1CVSS1.4AI score0.00816EPSS
Exploits0References1Affected Software1
OpenVAS
OpenVAS
added 2015/12/29 12:0 a.m.11 views

Fedora Update for nodejs-handlebars FEDORA-2015-8

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
Fedora
Fedora
added 2015/12/28 11:5 p.m.13 views

[SECURITY] Fedora 23 Update: nodejs-handlebars-4.0.5-1.fc23

Handlebars.js is an extension to the Mustache templating language created by Chris Wanstrath. Handlebars.js and Mustache are both logicless templating languages that keep the view and the code separated like we all know they s hould be...

1.4AI score
Exploits0
Node.js
Node.js
added 2015/12/14 4:51 p.m.156 views

Cross-Site Scripting

Overview Versions of handlebars prior to 4.0.0 are affected by a cross-site scripting vulnerability when attributes in handlebar templates are not quoted. Proof of Concept Template: Input: 'foo' : 'test.com onload=alert1' Rendered result: Recommendation Update to version 4.0.0 or later...

4.3CVSS2.5AI score0.03001EPSS
Exploits0Affected Software1
RubySec
RubySec
added 2014/01/14 12:0 a.m.30 views

Ember.js Potential XSS Exploit With User-Supplied Data When Binding Primitive Values

In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, we have identified a vulnerability that could lead to unescaped content being inserted into the innerHTML string without being sanitized. When a primitive value...

5.4CVSS1.2AI score0.00686EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder