Description
The handlebars package before 4.0.0 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted.
Remediation
References
Related Vulnerabilities
Squid Uncontrolled Resource Consumption Vulnerability (CVE-2021-46784)
WordPress Plugin Remove Yoast SEO comments Unspecified Vulnerability (1.0.4)
ReviveAdserver Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-7366)
Python Inefficient Regular Expression Complexity Vulnerability (CVE-2024-6232)
Envoy Proxy Incomplete Cleanup Vulnerability (CVE-2023-35945)