4 matches found
@27works/posto (=2.0.2), jstransformer-bracket-template (=0.0.1) +1 more potentially affected by CVE-2018-3735 via bracket-template (=1.1.5)
bracket-template NPM version =1.1.5 is affected by a known vulnerability. The following packages have a transitive dependency on bracket-template and may be impacted:
- @27works/posto =2.0.2
- jstransformer-bracket-template =0.0.1
- roo-bid =0.0.5, =0.0.7
Source CVEs: CVE-2018-3735 Source advisor...
CVE-2018-3735
bracket-template suffers from reflected XSS, possible when a variable passed via a GET parameter is used in a template...
CVE-2018-3735
The CVE-2018-3735 entry describes a reflected XSS vulnerability in the bracket-template library, triggered when a value from a GET parameter is interpolated into a template without proper sanitization. Multiple connected sources corroborate this (e.g., NVD, GHSA entry, and OSV records), noting th...
CVE-2018-3735
bracket-template suffers from reflected XSS, possible when a variable passed via a GET parameter is used in a template...