Cross-site Scripting (XSS)

2018-04-1006:00:04

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

38.0%

JSON

bracket-template is vulnerable to cross-site scripting (XSS) attacks. The library does not sanitize user input before rendering it, allowing a malicious user to inject and execute arbitrary Javascript.

CPENameOperatorVersion
bracket-templatele1.1.5
bracket-templatele1.1.5

CPE	Name	Operator	Version
	bracket-template	le	1.1.5
	bracket-template	le	1.1.5

References

github.com/danlevan/bracket-template/blob/ecfe2f5435a291a63285279f1a3e37d693e7e5ad/src/bracket.js#L94

hackerone.com/bl4de

hackerone.com/reports/317125

0.001 Low

EPSS

Percentile

38.0%

JSON

Related for VERACODE:6071