CVE-2015-8862

Published: 23 January 2017

mustache package before 2.2.1 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted.

Priority

Medium

CVSS 3 base score: 6.1

Status

Package Release Status
mustache.js
Launchpad, Ubuntu, Debian
Upstream
Released (2.3.0)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(2.3.0-2)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(2.3.0-2)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needed)