RULE ID: rule.ejs_ect_template
DESCRIPTION: The EJS/ECT template has an unescaped variable. Untrusted user input passed to this variable results in Cross Site Scripting (XSS).
TYPE: Regex
PATTERN: <%-(?![ ]*include\().*%>
SEVERITY: ERROR
INPUTCASE: exact
CWE: CWE-79
OWASP: A1 - Injection
FILES:

File: /N-blog-master/views/components/comments.ejs
Match Position: 712 - 734
Match String: <%- comment.content %>
Line: https://github.com/nswbmw/N-blog/blob/master/views/components/comments.ejs#L18

File: N-blog-master/views/components/post-content.ejs
Match Position: 567 - 586
Match String: <%- post.content %>
Line: https://github.com/nswbmw/N-blog/blob/master/views/components/post-content.ejs#L15

Detected by njsscan: https://github.com/ajinabraham/njsscan