A vulnerability was found in Pug up to 3.0.2. It has been declared as problematic. This vulnerability affects the function
compileClient/compileFileClient/compileClientWithDependenciesTracked
of the component Template Compiler. The manipulation leads to cross site scripting.
This vulnerability was named CVE-2024-36361. The attack can be initiated remotely. There is no exploit available.
The real existence of this vulnerability is still doubted at the moment.
It is recommended to apply a patch to fix this issue.