backbone is a module that adds in structure to a JavaScript heavy application through key-value pairs and custom events connecting to your RESTful API through JSON There exists a potential Cross Site Scripting vulnerability in the `Model#Escape` function of backbone 0.3.3 and earlier, if a user is able to supply input. This is due to the regex that's replacing things to miss the conversion of things such as `<` to `<`.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published: 2018-05-31T20:00:00Z

Updated: 2024-09-17T04:14:50.404Z

Reserved: 2017-10-29T00:00:00

Link: CVE-2016-10537

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-05-31T20:29:01.317

Modified: 2024-11-21T02:44:13.440

Link: CVE-2016-10537

cve-icon Redhat

No data.