CVE-2015-8862: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
(updated )
mustache package before 2.2.1 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted.
References
- www.openwall.com/lists/oss-security/2016/04/20/11
- www.securityfocus.com/bid/96436
- github.com/advisories/GHSA-w3w8-37jv-2c58
- github.com/janl/mustache.js/commit/378bcca8a5cfe4058f294a3dbb78e8755e8e0da5
- nodesecurity.io/advisories/62
- nvd.nist.gov/vuln/detail/CVE-2015-8862
- www.npmjs.com/advisories/62
- www.tenable.com/security/tns-2016-18
Detect and mitigate CVE-2015-8862 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →