Vulnerabilities > EJS

DATE	CVE	VULNERABILITY TITLE	RISK
2023-05-04	CVE-2023-29827	Injection vulnerability in EJS 3.1.9 ejs v3.1.9 is vulnerable to server-side template injection. network low complexity ejs CWE-74 critical	9.8
2022-04-25	CVE-2022-29078	Code Injection vulnerability in EJS 3.1.6 The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. network low complexity ejs CWE-94 critical	9.8
2017-11-17	CVE-2017-1000228	Improper Input Validation vulnerability in EJS nodejs ejs versions older than 2.5.3 is vulnerable to remote code execution due to weak input validation in ejs.renderFile() function network low complexity ejs CWE-20 critical	9.8
2017-11-17	CVE-2017-1000189	Improper Input Validation vulnerability in EJS nodejs ejs version older than 2.5.5 is vulnerable to a denial-of-service due to weak input validation in the ejs.renderFile() network low complexity ejs CWE-20	7.5
2017-11-17	CVE-2017-1000188	Cross-site Scripting vulnerability in EJS nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scripting in the ejs.renderFile() resulting in code injection network low complexity ejs CWE-79	6.1

Vulnerabilities > EJS {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"EJS"}]}