MEDIUM
Handlebars.js Project
CVE published 2017-01-23
CVE-2015-8861
CVE-2015-8861 describes a cross-site scripting flaw in handlebars.js for Node.js versions before 4.0.0. According to NVD, the issue can be triggered through a template that uses an attribute without quotes, which can lead to client-side script execution in affected web applications.