npm

Severity: high

XSS in client rendered block templates

rendr

Overview

Affected versions of rendr are vulnerable to cross-site scripting when client-side rendering is done inside a _block.

Server-side rendering is not affected; its output is properly escaped.

Remediation

Update to version 1.1.4 or later.

Advisory timeline

  1. published

    Advisory published
    Jul 25th, 2016
  2. reported

    Initial report by Jon Merrifield
    Jul 22nd, 2016