CVE-2016-10537 Vulnerability Details

  /     /     /  

CVE-2016-10537 Metadata Quick Info

CVE Published: 31/05/2018 | CVE Updated: 17/09/2024 | CVE Year: 2016
Source: hackerone | Vendor: HackerOne | Product: backbone node module
Status : PUBLISHED

CVE-2016-10537 Description

backbone is a module that adds in structure to a JavaScript heavy application through key-value pairs and custom events connecting to your RESTful API through JSON There exists a potential Cross Site Scripting vulnerability in the `Model#Escape` function of backbone 0.3.3 and earlier, if a user is able to supply input. This is due to the regex that\'s replacing things to miss the conversion of things such as `<` to `<`.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-79
CWE Name: Cross-site Scripting (XSS) - Generic (CWE-79)
Source: HackerOne

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).