Medium severity6.1NVD Advisory· Published Nov 17, 2017· Updated Jun 17, 2026
CVE-2017-1000188
CVE-2017-1000188
Description
nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scripting in the ejs.renderFile() resulting in code injection
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
ejsnpm | < 2.5.5 | 2.5.5 |
Affected products
2Patches
Vulnerability mechanics
References
5- github.com/mde/ejs/commit/49264e0037e313a0a3e033450b5c184112516d8fnvdPatchThird Party AdvisoryWEB
- www.securityfocus.com/bid/101889nvdThird Party AdvisoryVDB Entry
- github.com/advisories/GHSA-hwcf-pp87-7x6pghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-1000188ghsaADVISORY
- web.archive.org/web/20200227134555/http://www.securityfocus.com/bid/101889ghsaWEB
News mentions
0No linked articles in our index yet.