PT-2024-27350 · Ghtml

Lirantal · Published 2024-06-10 · Updated 2024-06-11 · CVE-2024-37166

CVSS v3.1: 8.9 (High)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L
Name of the Vulnerable Software and Affected Versions: ghtml versions prior to 2.0.0

Description: The issue allows user-controlled input to introduce JavaScript code into rendered output, which can trigger a Cross-Site Scripting (XSS) vulnerability in certain cases. Developers should be cautious and take additional measures to sanitize user input and prevent potential vulnerabilities. As of version 2.0.0 the backtick character (`) is also escaped, which prevents the construction of template-literal strings in most cases where a malicious actor has gained the ability to write JavaScript. However, this does not provide comprehensive protection against all types of XSS attacks.

Recommendations: For versions prior to 2.0.0, update to version 2.0.0 to address the Cross-Site Scripting vulnerabilities. Additionally, consider implementing extra sanitization measures for user input as defense in depth. As a temporary workaround, consider restricting the use of user-controlled input in template engine functionality until the issue is fully resolved.
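The following is an added example, not ghtml's own code, that illustrates the change described above: a minimal HTML-escaping tagged template with two escape tables, one without the backtick (the pre-2.0.0 style assumed here for illustration) and one with it added. The input string, the `ESCAPE_BASIC`/`ESCAPE_HARDENED` tables and the helper names are all assumptions for the example; the only point taken from the advisory is that the backtick joined the escaped set in 2.0.0.

```javascript
// Added example (not ghtml's code): shows what escaping the backtick changes
// in a tagged-template HTML escaper. Tables and names are constructed here.

// Assumed pre-2.0.0-style escape set: the usual HTML metacharacters, no backtick.
const ESCAPE_BASIC = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Hardened set: the backtick is escaped as well, as described in the advisory.
const ESCAPE_HARDENED = { ...ESCAPE_BASIC, "`": "&#96;" };

// Build an escaper from a table; characters not in the table pass through.
function makeEscaper(table) {
  return (value) =>
    String(value).replace(/[&<>"'`]/g, (ch) =>
      table[ch] !== undefined ? table[ch] : ch
    );
}

// A tagged template: literal parts are trusted, interpolated values are escaped.
function makeHtmlTag(escape) {
  return (strings, ...values) =>
    strings.reduce(
      (out, str, i) => out + str + (i < values.length ? escape(values[i]) : ""),
      ""
    );
}

const htmlBasic = makeHtmlTag(makeEscaper(ESCAPE_BASIC));
const htmlHardened = makeHtmlTag(makeEscaper(ESCAPE_HARDENED));

// Constructed sample input: a user-supplied display name that contains a backtick.
const SAMPLE_NAME = "back`tick";

// Render the same template with either escaper.
function renderGreeting(tag, name) {
  return tag`<p>Hello, ${name}!</p>`;
}

// Audit helper: does a rendered fragment still contain a raw backtick?
function containsRawBacktick(rendered) {
  return rendered.includes("`");
}

// Stand-alone demonstration.
console.log(renderGreeting(htmlBasic, SAMPLE_NAME)); // raw backtick survives
console.log(renderGreeting(htmlHardened, SAMPLE_NAME)); // backtick becomes &#96;
```

Entity-escaping of this kind is correct for HTML text and attribute contexts, and because browsers do not decode entities inside a `<script>` element, turning a backtick into `&#96;` also keeps an interpolated value from terminating a template literal there. It does not make HTML-escaped values safe for every JavaScript context, which is the caveat the advisory makes about comprehensive protection; values destined for script code need context-specific encoding, not just HTML escaping.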

Exploit · Fix · XSS


Weakness Enumeration

Related Identifiers

CVE-2024-37166
GHSA-VVHJ-V88F-5GXR

Affected Products

Ghtml