CVE-2023-2142

In Nunjucks versions prior to version 3.2.4, it waspossible to bypass the restrictions which are provided by the autoescapefunctionality. If there are two user-controlled parameters on the sameline used in the views, it was possible to inject cross site scriptingpayloads using the backslash \ chara...

CVE-2016-10547

Nunjucks is a full featured templating engine for JavaScript. Versions 2.4.2 and lower have a cross site scripting (XSS) vulnerability in autoescape mode. In autoescape mode, all template vars should automatically be escaped. By using an array for the keys, such as name[]=<script>alert(1)<...