Lucene search
K

125 matches found

CNVD
CNVD
added 2017/11/17 12:0 a.m.4 views

nodejs ejs remote code execution vulnerability

nodejs ejs is an embedded JavaScript template with flow control, customizable delimiters and escaped output. A remote code execution vulnerability exists in the 'ejs.renderFile' function in versions of nodejs ejs prior to 2.5.3, which stems from weak input validation. A remote attacker could...

10CVSS8.2AI score0.06328EPSS
Exploits1References1
Veracode
Veracode
added 2016/12/07 10:16 a.m.5 views

Cross-Site Scripting (XSS)

ejs is vulnerable to cross-site scripting XSS attacks. A malicious user can edit the localNames variable in the OPTS array which renders any arbitrary javascript in that variable...

5.8AI score
Exploits0
Snyk
Snyk
added 2016/12/06 12:0 a.m.4 views

Denial of Service (DoS)

Overview ejs is a popular JavaScript templating engine. Affected versions of the package are vulnerable to Denial of Service by letting the attacker under certain conditions control and override the localNames option causing it to crash. You can read more about this vulnerability on the Snyk blog...

5.9CVSS6.9AI score
Exploits0References2
Snyk
Snyk
added 2016/12/06 12:0 a.m.3 views

Cross-site Scripting (XSS)

Overview ejs is a popular JavaScript templating engine. Affected versions of the package are vulnerable to Cross-site Scripting by letting the attacker under certain conditions control and override the filename option causing it to render the value as is, without escaping it. You can read more...

5.9CVSS6.9AI score
Exploits0References2
Snyk
Snyk
added 2016/12/01 6:44 p.m.3 views

Remote Code Execution (RCE)

Overview ejs is a popular JavaScript templating engine. Affected versions of the package are vulnerable to Remote Code Execution by letting the attacker under certain conditions control the source folder from which the engine renders include files. You can read more about this vulnerability on th...

8.1CVSS7.7AI score
Exploits0References2
Rows per page
Query Builder