Description
nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scripting in the ejs.renderFile() resulting in code injection
Remediation
References
https://github.com/mde/ejs/commit/49264e0037e313a0a3e033450b5c184112516d8f
http://www.securityfocus.com/bid/101889
Related Vulnerabilities
CVE-2022-29166 Vulnerability in npm package matrix-org-irc
CVE-2023-32069 Vulnerability in maven package org.xwiki.platform:xwiki-platform-xclass-ui
CVE-2017-15879 Vulnerability in npm package keystone
CVE-2022-24814 Vulnerability in npm package directus
CVE-2023-46604 Vulnerability in maven package org.apache.activemq:activemq-openwire-legacy