XSS in client rendered block templates in rendr · CVE-2016-1000230 · GitHub Advisory Database · GitHub

XSS in client rendered block templates in rendr

High severity GitHub Reviewed Published Sep 1, 2020 to the GitHub Advisory Database • Updated Jan 9, 2023

Package

rendr (npm)

Affected versions

<= 1.1.3

Patched versions

1.1.4

Description

Affected versions of rendr are vulnerable to cross-site scripting when client side rendering is done inside a _block.

Server side rendering is not affected and is properly escaped.

Recommendation

Update to version 1.1.4 or later.

References

Reviewed Aug 31, 2020

Published to the GitHub Advisory Database Sep 1, 2020

Last updated Jan 9, 2023