mde

3 exploits Active since Nov 2017
CVE-2024-33883 WRITEUP MEDIUM WRITEUP
ejs < 3.1.10 - Protection Mechanism Failure
The ejs (aka Embedded JavaScript templates) package before 3.1.10 for Node.js lacks certain pollution protection.
CVSS 4.0
CVE-2017-1000188 WRITEUP MEDIUM WRITEUP
ejs < 2.5.5 - Cross-Site Scripting via ejs.renderFile()
nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scripting in the ejs.renderFile() resulting in code injection
CVSS 6.1
CVE-2017-1000189 WRITEUP HIGH WRITEUP
ejs < 2.5.5 - Denial of Service via Weak Input Validation in ejs.renderFile()
nodejs ejs version older than 2.5.5 is vulnerable to a denial-of-service due to weak input validation in the ejs.renderFile()
CVSS 7.5