Description
The handlebars package before 4.0.0 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted.
Remediation
References
Related Vulnerabilities
WordPress Plugin WooCommerce Extra Product Options Multiple Vulnerabilities (4.5.3)
WordPress Plugin Slider Revolution Responsive Arbitrary File Upload (3.0.95)
WordPress Plugin Wordfence Security-Firewall & Malware Scan Cross-Site Scripting (5.1.2)
WordPress Plugin WP Customize Login Cross-Site Scripting (1.1)