logo

Database

Server side cross-site scripting In bracket-template

Description

Cross-Site Scripting in bracket-template All versions of bracket-template are vulnerable to stored cross-site scripting (XSS). This is exploitable when a variable passed in via a GET parameter is used in a template.

Recommendation

No fix is currently available for this vulnerability. It is our recommendation to not install or use this module at this time.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version

Aliases

1. GCVE-GHSA-jj6g-7j8p-7gf2

References

1. https://hackerone.com/reports/3171252. https://www.npmjs.com/advisories/608

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.