2 matches found
GHSA-VH22-6C6H-RM8Q jte's HTML templates containing Javascript template strings are subject to XSS
Summary Jte HTML templates with script tags or script attributes that include a Javascript template string backticks are subject to XSS. Details The javaScriptBlock and javaScriptAttribute methods in the Escape class source do not escape backticks, which are used for Javascript template strings...
jte's HTML templates containing Javascript template strings are subject to XSS
Summary Jte HTML templates with script tags or script attributes that include a Javascript template string backticks are subject to XSS. Details The javaScriptBlock and javaScriptAttribute methods in the Escape class source do not escape backticks, which are used for Javascript template strings...