Lucene search
K

4 matches found

vulnersOsv
vulnersOsv
added 2018/11/06 11:13 p.m.6 views

3loc (>=0.2.0 <=0.4.0), @bb-cli/bb-doc (>=2.0.1-pr.1 <=2.0.1-pr.13) +255 more potentially affected by CVE-2016-10547 via nunjucks (>=0.1.10 <=2.4.2)

nunjucks NPM version =0.1.10, =0.2.0, =2.0.1-pr.1, =1.0.0, =0.0.22, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =1.0.0, =1.0.2, =1.0.3 and more Source cves: CVE-2016-10547 Source advisory: OSV:GHSA-F7PH-P5RV-PHW2...

6.1CVSS6.3AI score0.0144EPSS
Exploits1
OSV
OSV
added 2018/05/31 8:29 p.m.21 views

CVE-2016-10547

Nunjucks is a full featured templating engine for JavaScript. Versions 2.4.2 and lower have a cross site scripting XSS vulnerability in autoescape mode. In autoescape mode, all template vars should automatically be escaped. By using an array for the keys, such as name=alert1, it is possible to...

6.1CVSS6.2AI score
Exploits0References3
Cvelist
Cvelist
added 2018/05/31 8:0 p.m.31 views

CVE-2016-10547

Nunjucks is a full featured templating engine for JavaScript. Versions 2.4.2 and lower have a cross site scripting XSS vulnerability in autoescape mode. In autoescape mode, all template vars should automatically be escaped. By using an array for the keys, such as name=alert1, it is possible to...

6AI score0.0144EPSS
Exploits1References3
CVE
CVE
added 2018/05/31 8:0 p.m.65 views

CVE-2016-10547

CVE-2016-10547 affects the JavaScript templating engine Nunjucks. Versions ≤ 2.4.2 expose an XSS in autoescape mode: using an array for keys (e.g., name[]=) can bypass escaping and inject content into the DOM. The issue is tied to how template variables are escaped in autoescape mode (noted acros...

6.1CVSS6AI score0.0144EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder