Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.1
CVSSv3

CVE-2017-1000188

Published: 17/11/2017 Updated: 30/11/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 384
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Ejs

Vulnerability Summary

nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scripting in the ejs.renderFile() resulting in code injection

Vulnerable Product Search on Vulmon Subscribe to Product

ejs ejs

Vendor Advisories

Red Hat: CVE-2017-1000188
nodejs ejs version older than 255 is vulnerable to a Cross-site-scripting in the ejsrenderFile() resulting in code injection ...

Github Repositories

https://github.com/ezmac/lab-computer-availability

Computer availability script written for Mississippi State University Libraries

This project is defunct; I'm leaving it because it can give you a huge head start to reproduce something similar, but don't use as is It contains vulnerabilities Github has flagged the EJS dependency as having the following vulnerabilities: CVE-2017-1000188 - Moderate severity CVE-2017-1000189 - High severity CVE-2017-1000228 - High severity You have been warned

https://github.com/ipepe/nodejs-dpd-ejs-express

Using Deployd module with dpd-express module for node.js I created simple members area code for reuse in future projects that will need auth-only code.

WARNING! THIS PROJECT IS NOT LONGER MAINTAINED! Known security vulnerabilities detected Dependency ejs Version < 255 Upgrade to ~> 255 Vulnerabilities CVE-2017-1000189 High severity CVE-2017-1000188 Moderate severity nodejs-dpd-ejs-express Using Deployd module with dpd-express module for nodejs I created simple members area code for reuse in future projects t

References

CWE-79https://github.com/mde/ejs/commit/49264e0037e313a0a3e033450b5c184112516d8fhttp://www.securityfocus.com/bid/101889https://nvd.nist.govhttps://github.com/ezmac/lab-computer-availabilityhttps://access.redhat.com/security/cve/cve-2017-1000188
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675CVE-2024-3400CVE-2024-23557mass assignmentCVE-2023-1389local file inclusionCVE-2024-32596file uploadCVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook