cve/2016/CVE-2016-10547.md
2024-06-18 02:51:15 +02:00


CVE-2016-10547

Description

Nunjucks is a full-featured templating engine for JavaScript. Versions 2.4.2 and lower have a cross-site scripting (XSS) vulnerability in autoescape mode. In autoescape mode every template variable should be HTML-escaped automatically, but the escaping was only applied to values of type string. A variable that reaches the template as an array instead of a string, for example a query or body parameter sent as name[]=<script>alert(1)</script>, which query-string parsers such as the one used by Express turn into an array, is rendered through the array's default toString() and written to the output unescaped, so an attacker can bypass autoescaping and inject markup into the DOM.
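The following is an added, self-contained model of the bug class described above; it is not Nunjucks's own source and not a PoC from the page. It reproduces the "escape only if typeof val === 'string'" decision beside a hardened variant that stringifies first and then escapes, and feeds both a constructed query string in the two forms (name=... and name[]=...). The names parseQuery, suppressValueVulnerable, suppressValueFixed, SafeString and render are illustrative and do not correspond to the real library's API.

```javascript
// Minimal HTML escaper used by both variants below.
function escapeHtml(str) {
  return String(str).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// Vulnerable shape (illustrative, modelled on the described behaviour):
// only string values are escaped; any other value is stringified as-is,
// so an array is joined by Array.prototype.toString without escaping.
function suppressValueVulnerable(val, autoescape) {
  if (val === undefined || val === null) return '';
  if (autoescape && typeof val === 'string') return escapeHtml(val);
  return String(val);
}

// Marker for values the caller has deliberately vetted (hypothetical helper).
class SafeString {
  constructor(s) { this.val = s; }
  toString() { return this.val; }
}

// Hardened shape: convert every value to a string first, then escape it,
// unless it was explicitly marked safe. Arrays, numbers and objects all go
// through the same escaping path as strings.
function suppressValueFixed(val, autoescape) {
  if (val === undefined || val === null) return '';
  if (val instanceof SafeString) return val.toString();
  const s = String(val);
  return autoescape ? escapeHtml(s) : s;
}

// Tiny renderer for templates of the form "Hello {{ name }}".
function render(template, ctx, suppress, autoescape = true) {
  return template.replace(/\{\{\s*(\w+)\s*\}\}/g, (_, key) =>
    suppress(ctx[key], autoescape));
}

// Constructed query-string parser that mimics the "key[]=value" convention
// (a key ending in [] becomes an array, as Express's default parser does).
function parseQuery(qs) {
  const out = {};
  for (const part of qs.split('&')) {
    if (!part) continue;
    const eq = part.indexOf('=');
    const rawKey = eq < 0 ? part : part.slice(0, eq);
    const rawVal = eq < 0 ? '' : part.slice(eq + 1);
    const key = decodeURIComponent(rawKey.replace(/\+/g, ' '));
    const val = decodeURIComponent(rawVal.replace(/\+/g, ' '));
    if (key.endsWith('[]')) {
      const base = key.slice(0, -2);
      (out[base] = out[base] || []).push(val);
    } else {
      out[key] = val;
    }
  }
  return out;
}

// Constructed inputs: the same payload sent as a plain parameter and as an
// array parameter. Neither string is real traffic.
const PAYLOAD = '<script>alert(1)</script>';
const QUERY_STRING = 'name=' + encodeURIComponent(PAYLOAD);
const QUERY_ARRAY = 'name[]=' + encodeURIComponent(PAYLOAD);
const TEMPLATE = '<p>Hello {{ name }}</p>';

// Returns the four renderings so the difference can be inspected or asserted on.
function demo() {
  return {
    vulnStringParam: render(TEMPLATE, parseQuery(QUERY_STRING), suppressValueVulnerable),
    vulnArrayParam: render(TEMPLATE, parseQuery(QUERY_ARRAY), suppressValueVulnerable),
    fixedStringParam: render(TEMPLATE, parseQuery(QUERY_STRING), suppressValueFixed),
    fixedArrayParam: render(TEMPLATE, parseQuery(QUERY_ARRAY), suppressValueFixed),
  };
}

console.log(demo());
```

Only vulnArrayParam contains a live script tag: the string form is escaped by both variants, the array form slips past the typeof check in the vulnerable variant and is caught by the hardened one. A second array element (name[]=a&name[]=b) would be joined with a comma by toString() and still reach the output unescaped in the vulnerable path. The practical check for an application is therefore not only "is autoescape on" but "can any template variable arrive as a non-string", which with array-capable query and body parsers is the default.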

POC

Reference

Github

No PoCs found on GitHub currently.