CVE-2016-10547 - OpenCVE

Nunjucks is a full featured templating engine for JavaScript. Versions 2.4.2 and lower have a cross site scripting (XSS) vulnerability in autoescape mode. In autoescape mode, all template vars should automatically be escaped. By using an array for the keys, such as `name[]=<script>alert(1)</script>`, it is possible to bypass autoescaping and inject content into the DOM.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mozilla	Nunjucks

Configuration 1 [-]

cpe:2.3:a:mozilla:nunjucks:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/matt-/nunjucks_test
https://github.com/mozilla/nunjucks/issues/835
https://nodesecurity.io/advisories/147

History

No history.

MITRE

Status: PUBLISHED

Assigner: hackerone

Published: 2018-05-31T20:00:00Z

Updated: 2024-09-16T16:43:50.537Z

Reserved: 2017-10-29T00:00:00

Link: CVE-2016-10547

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-05-31T20:29:01.737

Modified: 2019-10-09T23:16:45.357

Link: CVE-2016-10547

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "nunjucks node module", "vendor": "HackerOne", "versions": [{"status": "affected", "version": "<=2.4.2"}]}], "datePublic": "2018-04-26T00:00:00", "descriptions": [{"lang": "en", "value": "Nunjucks is a full featured templating engine for JavaScript. Versions 2.4.2 and lower have a cross site scripting (XSS) vulnerability in autoescape mode. In autoescape mode, all template vars should automatically be escaped. By using an array for the keys, such as `name[]=<script>alert(1)</script>`, it is possible to bypass autoescaping and inject content into the DOM."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "Cross-site Scripting (XSS) - Generic (CWE-79)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-05-31T19:57:01", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/mozilla/nunjucks/issues/835"}, {"tags": ["x_refsource_MISC"], "url": "https://nodesecurity.io/advisories/147"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/matt-/nunjucks_test"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "support@hackerone.com", "DATE_PUBLIC": "2018-04-26T00:00:00", "ID": "CVE-2016-10547", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "nunjucks node module", "version": {"version_data": [{"version_value": "<=2.4.2"}]}}]}, "vendor_name": "HackerOne"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Nunjucks is a full featured templating engine for JavaScript. Versions 2.4.2 and lower have a cross site scripting (XSS) vulnerability in autoescape mode. In autoescape mode, all template vars should automatically be escaped. By using an array for the keys, such as `name[]=<script>alert(1)</script>`, it is possible to bypass autoescaping and inject content into the DOM."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Cross-site Scripting (XSS) - Generic (CWE-79)"}]}]}, "references": {"reference_data": [{"name": "https://github.com/mozilla/nunjucks/issues/835", "refsource": "MISC", "url": "https://github.com/mozilla/nunjucks/issues/835"}, {"name": "https://nodesecurity.io/advisories/147", "refsource": "MISC", "url": "https://nodesecurity.io/advisories/147"}, {"name": "https://github.com/matt-/nunjucks_test", "refsource": "MISC", "url": "https://github.com/matt-/nunjucks_test"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T03:21:52.154Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/mozilla/nunjucks/issues/835"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://nodesecurity.io/advisories/147"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/matt-/nunjucks_test"}]}]}, "cveMetadata": {"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2016-10547", "datePublished": "2018-05-31T20:00:00Z", "dateReserved": "2017-10-29T00:00:00", "dateUpdated": "2024-09-16T16:43:50.537Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:nunjucks:*:*:*:*:*:*:*:*", "matchCriteriaId": "D82CA76B-B062-4E4A-85FA-5C56C70F76E8", "versionEndIncluding": "2.4.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Nunjucks is a full featured templating engine for JavaScript. Versions 2.4.2 and lower have a cross site scripting (XSS) vulnerability in autoescape mode. In autoescape mode, all template vars should automatically be escaped. By using an array for the keys, such as `name[]=<script>alert(1)</script>`, it is possible to bypass autoescaping and inject content into the DOM."}, {"lang": "es", "value": "Nunjucks es un motor de creaci\u00f3n de plantillas con funcionalidades completas para JavaScript. Las versiones 2.4.2 y anteriores tienen una vulnerabilidad de Cross-Site Scripting (XSS) en el modo autoescape. En este modo, todas las variables de plantilla deber\u00edan escaparse autom\u00e1ticamente. Mediante el uso de un array para las claves, como \"name[]=\", es posible omitir el autoescapado e inyectar contenido en el DOM."}], "id": "CVE-2016-10547", "lastModified": "2019-10-09T23:16:45.357", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-05-31T20:29:01.737", "references": [{"source": "support@hackerone.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/matt-/nunjucks_test"}, {"source": "support@hackerone.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/mozilla/nunjucks/issues/835"}, {"source": "support@hackerone.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://nodesecurity.io/advisories/147"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "support@hackerone.com", "type": "Secondary"}]}