nuclei-templates/file/nodejs/xss-disable-mustache-escape.yaml

id: xss-disable-mustache-escape

info:
  name: XSS Disable Mustache Escape
  author: me_dheeraj (https://twitter.com/Dheerajmadhukar)
  severity: info
  description: Markup escaping disabled. This can be used with some template engines to escape disabling of HTML entities, which can lead to XSS attacks.
  tags: file,nodejs,mustache,xss
file:
  - extensions:
      - all
    matchers:
      - type: regex
        regex:
          - "[\\w\\W]+?\\.escapeMarkup = false"
# digest: 4a0a00473045022100e139edc65f8d5fb6f464a7c866c52485dac9653599c18d3c5526d3a5bd6aa8ad02204a3fd555d2d25373e22b4922451c0c2deeee9d05e6e1c157bdfc87c3b642aff1:922c64590222798bb761d5b6d8e72950