13 matches found
CVE-2021-32818
haml-coffee is a JavaScript templating solution. haml-coffee mixes pure template data with engine configuration options through the Express render API. More specifically, haml-coffee supports overriding a series of HTML helper functions through its configuration options. A vulnerable application...
Haml Cross-Site Scripting Vulnerability
haml is an open source HTML abstract markup language from the Haml HAML team. A cross-site scripting vulnerability exists in haml-coffee, which supports overriding a range of HTML helper functions through its configuration options. Control of the escapeHtml parameter through template configuratio...
Haml cross-site scripting vulnerability (CNVD-2021-47372)
haml is an open source HTML abstract markup language from the Haml HAML team. A cross-site scripting vulnerability exists in haml-coffee, which supports overriding a range of HTML helper functions through its configuration options. Control of the escapeHtml parameter through template configuratio...
Insecure template handling in haml-coffee
haml-coffee is a JavaScript templating solution. haml-coffee mixes pure template data with engine configuration options through the Express render API. More specifically, haml-coffee supports overriding a series of HTML helper functions through its configuration options. A vulnerable application...
@27works/posto (=2.0.2), @lluis/codo (>=2.1.2 <=2.1.3) +71 more potentially affected by CVE-2021-32818 via haml-coffee (>=0.5.5 <=1.14.1)
haml-coffee NPM version =0.5.5, =2.1.2, =0.0.2, =2.1.3, =0.0.1, =0.0.1, =0.2.0, =0.2.0, =0.0.1, =0.0.1, =0.0.1, =0.0.8 - codo-theme-yaml =0.1.0 and more Source cves: CVE-2021-32818 Source advisory: OSV:GHSA-M7MF-VM62-7X3Q...
GHSA-M7MF-VM62-7X3Q Insecure template handling in haml-coffee
haml-coffee is a JavaScript templating solution. haml-coffee mixes pure template data with engine configuration options through the Express render API. More specifically, haml-coffee supports overriding a series of HTML helper functions through its configuration options. A vulnerable application...
Remote Code Execution
haml-coffee is vulnerable to remote code execution. A remote attacker is able to execute arbitrary code in downstream applications via the customHtmlEscape parameter. Additionally, control over the escapeHtml parameter allows an attacker to perform cross-site scripting attacks...
CVE-2021-32818
haml-coffee is a JavaScript templating solution. haml-coffee mixes pure template data with engine configuration options through the Express render API. More specifically, haml-coffee supports overriding a series of HTML helper functions through its configuration options. A vulnerable application...
CVE-2021-32818
haml-coffee is a JavaScript templating solution. haml-coffee mixes pure template data with engine configuration options through the Express render API. More specifically, haml-coffee supports overriding a series of HTML helper functions through its configuration options. A vulnerable application...
Cross site scripting
haml-coffee is a JavaScript templating solution. haml-coffee mixes pure template data with engine configuration options through the Express render API. More specifically, haml-coffee supports overriding a series of HTML helper functions through its configuration options. A vulnerable application...
CVE-2021-32818 Remote code execution and Reflected cross site scripting in haml-coffee
haml-coffee is a JavaScript templating solution. haml-coffee mixes pure template data with engine configuration options through the Express render API. More specifically, haml-coffee supports overriding a series of HTML helper functions through its configuration options. A vulnerable application...
CVE-2021-32818
Affected software: haml-coffee (JavaScript templating solution). Vulnerability summary: A vulnerable application that passes user-controlled request objects to the haml-coffee template engine may suffer remote code execution. Additionally, config pollution can expose the escapeHtml control, preve...
haml cross-site scripting vulnerability
haml is an open source HTML abstract markup language from the Haml HAML team. A cross-site scripting vulnerability exists in haml-coffee, which supports overriding a range of HTML helper functions through its configuration options. Control of the escapeHtml parameter through template configuratio...