cvedb.io
CVE-2016-10547
MEDIUM · CVSS 6.1
EPSS exploitation probability: 0%
Published 2018-05-31T20:29:01.737 · Last modified 2026-06-17T00:39:54.890

Summary

Nunjucks is a full-featured templating engine for JavaScript. Versions 2.4.2 and lower have a cross-site scripting (XSS) vulnerability in autoescape mode. In autoescape mode, all template variables should be escaped automatically. By passing an array for a key, such as `name[]=<script>alert(1)</script>`, it is possible to bypass autoescaping and inject content into the DOM.
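
One way an array value can slip past output escaping, shown as an added example that is not Nunjucks source code: an output function that escapes only values of type string, next to one that coerces to a string before escaping. The names `parseQuery`, `outputTypeGated`, `outputCoerced` and `requireString` are hypothetical, and the bracket-to-array parsing is an assumption that models the convention of common query-string parsers.

```javascript
// Added illustration: a simplified model, not code from Nunjucks.
const ESCAPES = { '&': '&amp;', '"': '&quot;', "'": '&#39;', '<': '&lt;', '>': '&gt;' };
const escapeHtml = (s) => s.replace(/[&"'<>]/g, (ch) => ESCAPES[ch]);

// Hypothetical parser modelling the bracket convention:
// "key[]=v" produces an array under "key", "key=v" produces a string.
function parseQuery(qs) {
  const out = Object.create(null); // no prototype, so odd keys cannot touch it
  for (const [rawKey, value] of new URLSearchParams(qs)) {
    if (rawKey.endsWith('[]')) {
      const key = rawKey.slice(0, -2);
      if (!Array.isArray(out[key])) out[key] = [];
      out[key].push(value);
    } else {
      out[rawKey] = value;
    }
  }
  return out;
}

// Flawed pattern: escaping is gated on the value being a string, so an
// array skips the escape and is stringified raw when written to the page.
function outputTypeGated(val) {
  if (typeof val === 'string') return escapeHtml(val);
  return String(val ?? '');
}

// Hardened pattern: coerce to a string first, then always escape the result.
function outputCoerced(val) {
  return escapeHtml(String(val ?? ''));
}

// Defence in depth in the request handler: refuse parameters that are not
// plain strings before they ever reach the template context.
function requireString(val) {
  if (typeof val !== 'string') throw new TypeError('expected a string parameter');
  return val;
}

// Constructed sample input, using the value quoted in the summary.
const scalar = parseQuery('name=<script>alert(1)</script>').name;
const array = parseQuery('name[]=<script>alert(1)</script>').name;

console.log('type-gated, string:', outputTypeGated(scalar));
console.log('type-gated, array: ', outputTypeGated(array));
console.log('coerced, array:    ', outputCoerced(array));
```
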

Affected products

mozilla — nunjucks

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.