CVE-2016-10537

Name of the Vulnerable Software and Affected Versions backbone versions 0.3.3 and earlier

Description The issue arises from a potential Cross Site Scripting vulnerability in the Model#Escape function. This vulnerability occurs when a user is able to supply input, and the output is then written to the DOM. The regular expression used to encode metacharacters fails to account for HTML Entities, such as <, which represents the less-than sign (<). This failure can lead to the execution of malicious scripts.

Recommendations Update to version 0.5.0 or later.