QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2016-10537

Back to search

CVE-2016-10537

Published: May 31, 2018

Modified: Sep 17, 2024

PUBLISHED

Description

backbone is a module that adds in structure to a JavaScript heavy application through key-value pairs and custom events connecting to your RESTful API through JSON There exists a potential Cross Site Scripting vulnerability in the `Model#Escape` function of backbone 0.3.3 and earlier, if a user is able to supply input. This is due to the regex that's replacing things to miss the conversion of things such as `<` to `<`.

VendorProductVersions

HackerOne

backbone node module

affected
<= 0.3.3

Weaknesses (CWE)

CWE-79

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now