CVE-2016-1000230 — XSS in client rendered block templates in rendr

Description

Affected versions of `rendr` are vulnerable to cross-site scripting when client side rendering is done inside a `_block`. Server side rendering is not affected and is properly escaped. ## Recommendation Update to version 1.1.4 or later.

How to fix CVE-2016-1000230

To remediate CVE-2016-1000230, upgrade the affected package to a fixed version below.

npm/rendr—upgrade to 1.1.4 or later

Is CVE-2016-1000230 being exploited?

No exploitation signal available. Neither CISA KEV nor a current EPSS score has been published for CVE-2016-1000230.

Affected packages (1)

from 0, < 1.1.4

References (5)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2016-1000230
PATCHgithub.com/rendrjs/rendr-handlebars
WEBgithub.com/rendrjs/rendr-handlebars/pull/61
WEBgithub.com/rendrjs/rendr/pull/513
WEBwww.npmjs.com/advisories/128