
Possible Stored XSS Vulnerability in N-blog

Open ajinabraham opened this issue 4 years ago • 0 comments

RULE ID: rule.ejs_ect_template
DESCRIPTION: The EJS/ECT template has an unescaped variable. Untrusted user input passed to this variable results in Cross Site Scripting (XSS).
TYPE: Regex
PATTERN: <%-(?![ ]include().%>
SEVERITY: ERROR
INPUTCASE: exact
CWE: CWE-79
OWASP: A1 - Injection

FILES_________

File: /N-blog-master/views/components/comments.ejs
Match Position: 712 - 734
Match String: <%- comment.content %>
Line: https://github.com/nswbmw/N-blog/blob/master/views/components/comments.ejs#L18

File: N-blog-master/views/components/post-content.ejs
Match Position: 567 - 586
Match String: <%- post.content %>
Line: https://github.com/nswbmw/N-blog/blob/master/views/components/post-content.ejs#L15

Detected by njsscan: https://github.com/ajinabraham/njsscan

ajinabraham, Apr 23 '20 03:04