PT-2018-4716 · Bakbone · Backbone

Published

2018-05-31

Updated

2019-10-09

CVE-2016-10537

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions backbone versions 0.3.3 and earlier

Description The issue arises from a potential Cross Site Scripting vulnerability in the Model#Escape function. This vulnerability occurs when a user is able to supply input, and the output is then written to the DOM. The regular expression used to encode metacharacters fails to account for HTML Entities, such as <, which represents the less-than sign (<). This failure can lead to the execution of malicious scripts.

Recommendations Update to version 0.5.0 or later.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2016-10537

GHSA-J6P2-CX3W-6JCP

Affected Products

Backbone

PT-2018-4716 · Bakbone · Backbone

CVE-2016-10537

Weakness Enumeration

Related Identifiers

Affected Products

References · 14