Do your applications use this vulnerable package?
Test your applications
Overview
jsviews
is Next-generation MVVM and MVP framework - built on top of JsRender templates. Bringing templates to life.
Affected versions of the package are vulnerable to Template Injection.
Remediation
Upgrade jsviews
to version 0.9.74 or higher.
References
CVSS Score
6.3
medium severity
-
Attack VectorNetwork
-
Attack ComplexityLow
-
Privileges RequiredLow
-
User InteractionNone
-
ScopeUnchanged
-
ConfidentialityLow
-
IntegrityLow
-
AvailabilityLow
- Credit
- Paweł Hałdrzyński
- CWE
- CWE-94
- Snyk ID
- npm:jsviews:20160320
- Disclosed
- 19 Mar, 2016
- Published
- 19 Jan, 2018