CVE-2017-1000188: XSS
Published Nov 17, 2017
Node.js ejs versions older than 2.5.5 are vulnerable to cross-site scripting (XSS) in ejs.renderFile(), resulting in code injection.
Affected Software
2 affected components. Fixes available.
npm/ejs <2.5.5 (fixed in 2.5.5)
ejs ejs <2.5.5
Remediation
Event History
Nov 17, 2017
CVE Published (via MITRE, 03:00 AM)
Data Sourced (via MITRE, 03:00 AM)
Description
Nov 30, 2017
Advisory Published (11:15 PM)
Frequently Asked Questions
1. What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2017-1000188.
2. What is the severity of CVE-2017-1000188?
The severity of CVE-2017-1000188 is medium with a severity value of 6.1.
3. Which software versions are affected by CVE-2017-1000188?
Node.js ejs versions older than 2.5.5 are affected by CVE-2017-1000188.
4. How can the vulnerability be exploited?
The vulnerability can be exploited through a cross-site scripting (XSS) attack in the `ejs.renderFile()` function, allowing for code injection.
5. How can I fix CVE-2017-1000188?
To fix CVE-2017-1000188, update Node.js ejs to version 2.5.5 or newer.