13 matches found
CVE-2021-32818
haml-coffee is a JavaScript templating solution. haml-coffee mixes pure template data with engine configuration options through the Express render API. More specifically, haml-coffee supports overriding a series of HTML helper functions through its configuration options. A vulnerable application...
Haml cross-site scripting vulnerability (CNVD-2021-47372)
haml is an open source HTML abstract markup language from the Haml HAML team. A cross-site scripting vulnerability exists in haml-coffee, which supports overriding a range of HTML helper functions through its configuration options. Control of the escapeHtml parameter through template configuratio...
Haml Cross-Site Scripting Vulnerability
haml is an open source HTML abstract markup language from the Haml HAML team. A cross-site scripting vulnerability exists in haml-coffee, which supports overriding a range of HTML helper functions through its configuration options. Control of the escapeHtml parameter through template configuratio...
@27works/posto (=2.0.2), @lluis/codo (>=2.1.2 <=2.1.3) +71 more potentially affected by CVE-2021-32818 via haml-coffee (>=0.5.5 <=1.14.1)
haml-coffee NPM version =0.5.5, =2.1.2, =0.0.2, =2.1.3, =0.0.1, =0.0.1, =0.2.0, =0.2.0, =0.0.1, =0.0.1, =0.0.1, =0.0.8 - codo-theme-yaml =0.1.0 and more Source cves: CVE-2021-32818 Source advisory: OSV:GHSA-M7MF-VM62-7X3Q...
Insecure template handling in haml-coffee
haml-coffee is a JavaScript templating solution. haml-coffee mixes pure template data with engine configuration options through the Express render API. More specifically, haml-coffee supports overriding a series of HTML helper functions through its configuration options. A vulnerable application...
GHSA-M7MF-VM62-7X3Q Insecure template handling in haml-coffee
haml-coffee is a JavaScript templating solution. haml-coffee mixes pure template data with engine configuration options through the Express render API. More specifically, haml-coffee supports overriding a series of HTML helper functions through its configuration options. A vulnerable application...
Remote Code Execution
haml-coffee is vulnerable to remote code execution. A remote attacker is able to execute arbitrary code in downstream applications via the customHtmlEscape parameter. Additionally, control over the escapeHtml parameter allows an attacker to perform cross-site scripting attacks...
CVE-2021-32818
haml-coffee is a JavaScript templating solution. haml-coffee mixes pure template data with engine configuration options through the Express render API. More specifically, haml-coffee supports overriding a series of HTML helper functions through its configuration options. A vulnerable application...
CVE-2021-32818
haml-coffee is a JavaScript templating solution. haml-coffee mixes pure template data with engine configuration options through the Express render API. More specifically, haml-coffee supports overriding a series of HTML helper functions through its configuration options. A vulnerable application...
Cross site scripting
haml-coffee is a JavaScript templating solution. haml-coffee mixes pure template data with engine configuration options through the Express render API. More specifically, haml-coffee supports overriding a series of HTML helper functions through its configuration options. A vulnerable application...
CVE-2021-32818
Affected software: haml-coffee (JavaScript templating solution). Vulnerability summary: A vulnerable application that passes user-controlled request objects to the haml-coffee template engine may suffer remote code execution. Additionally, config pollution can expose the escapeHtml control, preve...
CVE-2021-32818 Remote code execution and Reflected cross site scripting in haml-coffee
haml-coffee is a JavaScript templating solution. haml-coffee mixes pure template data with engine configuration options through the Express render API. More specifically, haml-coffee supports overriding a series of HTML helper functions through its configuration options. A vulnerable application...
haml cross-site scripting vulnerability
haml is an open source HTML abstract markup language from the Haml HAML team. A cross-site scripting vulnerability exists in haml-coffee, which supports overriding a range of HTML helper functions through its configuration options. Control of the escapeHtml parameter through template configuratio...