Description
Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to arbitrary code execution. The lookup helper fails to properly validate templates, so an attacker who can supply a template can execute arbitrary JavaScript. This can be used to run arbitrary code on a server that renders Handlebars templates, or in a victim's browser (effectively serving as XSS).
Remediation
Upgrade Handlebars to 3.0.8 or later on the 3.x line, or to 4.5.3 or later on the 4.x line (the fixed releases implied by the affected version ranges above). Until the upgrade is in place, do not render templates supplied by untrusted users.
References
Related Vulnerabilities
WordPress Plugin NextScripts:Social Networks Auto-Poster Cross-Site Request Forgery (4.3.24)
WordPress Plugin Auto Attachments TimThumb Arbitrary File Upload (0.3)
WordPress Plugin Zedna eBook download Directory Traversal (1.1)
MediaWiki Other Vulnerability (CVE-2005-3165)
WordPress Plugin Question Answer Multiple Cross-Site Scripting Vulnerabilities (1.2.30)