CVE-2017-1000188
MEDIUMejs < 2.5.5 - Cross-Site Scripting via ejs.renderFile()
Title source: llmDescription
nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scripting in the ejs.renderFile() resulting in code injection
References (2)
Core 2
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/mde/ejs/commit/49264e0037e313a0a3e033450b5c184112516d8f
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/101889
Scores
CVSS v3
6.1
EPSS
0.0123
EPSS Percentile
65.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (2)
ejs/ejs
< 2.5.5
npm/ejs
0 - 2.5.5npm
Published
Nov 17, 2017
Tracked Since
Feb 18, 2026