MEDIUM

GHSA-jhgf-2h8h-ggxv

Parse Server has a Cross-Site Scripting (XSS) vulnerability via Unescaped Mustache Template Variables

상세

## Impact

A Reflected Cross-Site Scripting (XSS) vulnerability exists in Parse Server's password reset and email verification HTML pages.

## Patches

The patch escapes user controlled values that are inserted into the HTML pages.

## Workarounds

None.

## Resources

- https://github.com/parse-community/parse-server/security/advisories/GHSA-jhgf-2h8h-ggxv - https://github.com/parse-community/parse-server/pull/9985 - https://github.com/parse-community/parse-server/pull/9986

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

npm / parse-server

최초 영향 버전: 0 수정 버전: 8.6.1

수정 npm install parse-server@8.6.1

npm / parse-server

최초 영향 버전: 9.0.0 수정 버전: 9.1.0-alpha.3

수정 npm install parse-server@9.1.0-alpha.3

참고

https://github.com/parse-community/parse-server/security/advisories/GHSA-jhgf-2h8h-ggxv [WEB]
https://nvd.nist.gov/vuln/detail/CVE-2025-68115 [ADVISORY]
https://github.com/parse-community/parse-server/pull/9985 [WEB]
https://github.com/parse-community/parse-server/pull/9986 [WEB]
https://github.com/parse-community/parse-server [PACKAGE]