Possible Stored XSS Vulnerability in N-blog

RULE ID: rule.ejs_ect_template
DESCRIPTION: The EJS/ECT template has an unescaped variable. Untrusted user input passed to this variable results in Cross Site Scripting (XSS).
TYPE: Regex
PATTERN: <%-(?![ ]*include\().*%>
SEVERITY: ERROR
INPUTCASE: exact
CWE: CWE-79
OWASP: A1 - Injection

__________________FILES___________________________


File: /N-blog-master/views/components/comments.ejs
Match Position: 712 - 734
Match String: <%- comment.content %>
Line: https://github.com/nswbmw/N-blog/blob/master/views/components/comments.ejs#L18

File: N-blog-master/views/components/post-content.ejs
Match Position: 567 - 586
Match String: <%- post.content %>
Line: https://github.com/nswbmw/N-blog/blob/master/views/components/post-content.ejs#L15

Detected by njsscan: https://github.com/ajinabraham/njsscan

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Possible Stored XSS Vulnerability in N-blog #484

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Possible Stored XSS Vulnerability in N-blog #484

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions