Summary

It is like a Server Side Template Injection but in the client. The SSTI can allow you the execute code on the remote server, the CSTI could allow you to execute arbitrary JavaScript code in the victim.

The way to test for this vulnerability is very similar as in the case of SSTI, the interpreter is going to expect something to execute between doubles keys and will execute it. For example using something like: {{ 7-7 }} if the server is vulnerable you will see a 0 and if not you will see the original: {{ 7-7 }}

You can find a very basic online example of the vulnerability in AngularJ in http://jsfiddle.net/2zs2yv7o/ and an example in vue.js in https://github.com/azu/vue-client-side-template-injection-example/blob/master/server/index.js​