Description
nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scripting in the ejs.renderFile() resulting in code injection
Remediation
References
http://www.securityfocus.com/bid/101889
https://github.com/mde/ejs/commit/49264e0037e313a0a3e033450b5c184112516d8f
Related Vulnerabilities
CVE-2021-28918 Vulnerability in npm package netmask
CVE-2017-7681 Vulnerability in maven package org.apache.openmeetings:openmeetings-server
CVE-2022-45393 Vulnerability in maven package org.jenkins-ci.plugins:delete-log-plugin
CVE-2020-7739 Vulnerability in npm package phantomjs-seo
CVE-2023-49620 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler-api