4 matches found
3loc (>=0.2.0 <=0.4.0), @bb-cli/bb-doc (>=2.0.1-pr.1 <=2.0.1-pr.13) +255 more potentially affected by CVE-2016-10547 via nunjucks (>=0.1.10 <=2.4.2)
nunjucks NPM version =0.1.10, =0.2.0, =2.0.1-pr.1, =1.0.0, =0.0.22, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =1.0.0, =1.0.2, =1.0.3 and more Source cves: CVE-2016-10547 Source advisory: OSV:GHSA-F7PH-P5RV-PHW2...
CVE-2016-10547
Nunjucks is a full featured templating engine for JavaScript. Versions 2.4.2 and lower have a cross site scripting XSS vulnerability in autoescape mode. In autoescape mode, all template vars should automatically be escaped. By using an array for the keys, such as name=alert1, it is possible to...
CVE-2016-10547
Nunjucks is a full featured templating engine for JavaScript. Versions 2.4.2 and lower have a cross site scripting XSS vulnerability in autoescape mode. In autoescape mode, all template vars should automatically be escaped. By using an array for the keys, such as name=alert1, it is possible to...
CVE-2016-10547
CVE-2016-10547 affects the JavaScript templating engine Nunjucks. Versions ≤ 2.4.2 expose an XSS in autoescape mode: using an array for keys (e.g., name[]=) can bypass escaping and inject content into the DOM. The issue is tied to how template variables are escaped in autoescape mode (noted acros...