html-pages is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists as the value of name
in index.hbs
is not sanitized and can be used to inject arbitrary Javascript into a victim’s browser.
CPE | Name | Operator | Version |
---|---|---|---|
html-pages | le | 2.1.3 |