MEDIUM
Mustache.js Project
CVE published 2017-01-23
CVE-2015-8862
CVE-2015-8862 describes a cross-site scripting issue in mustache for Node.js versions before 2.2.1. According to NVD, the weakness is CWE-79 and the attack requires user interaction because the unsafe output is triggered through a rendered template that includes an unquoted attribute. The practical defensive takeaway is straightforward: update mustache to 2.2.1 or later and review templates that render in [truncated]