Candidate: CVE-2015-8862
PublicDate: 2017-01-23 21:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8862
Description:
 mustache package before 2.2.1 for Node.js allows remote attackers to
 conduct cross-site scripting (XSS) attacks by leveraging a template with an
 attribute that is not quoted.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N [6.1 MEDIUM]

Patches_mustache.js:
upstream_mustache.js: released (2.3.0)
precise_mustache.js: DNE
precise/esm_mustache.js: DNE
trusty_mustache.js: ignored (reached end-of-life)
trusty/esm_mustache.js: DNE (trusty was needed)
vivid/stable-phone-overlay_mustache.js: DNE
vivid/ubuntu-core_mustache.js: DNE
wily_mustache.js: ignored (reached end-of-life)
xenial_mustache.js: not-affected (2.3.0-2)
yakkety_mustache.js: ignored (reached end-of-life)
zesty_mustache.js: ignored (reached end-of-life)
artful_mustache.js: ignored (reached end-of-life)
bionic_mustache.js: not-affected (2.3.0-2)
cosmic_mustache.js: not-affected (2.3.0-2)
disco_mustache.js: not-affected (2.3.0-2)
devel_mustache.js: not-affected (2.3.0-2)