Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
template injection vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2023-45303
ThingsBoard prior to 3.5 allows Server-Side Template Injection if users are allowed to modify an email template, because Apache FreeMarker supports freemarker.template.utility.Execute (for content sent to the /api/admin/settings endpoint).
Thingsboard Thingsboard
9.8
CVSSv3
CVE-2023-26092
Liima prior to 1.17.28 allows server-side template injection.
Puzzle Liima
8.8
CVSSv3
CVE-2023-33570
Bagisto v1.5.1 is vulnerable to Server-Side Template Injection (SSTI).
Webkul Bagisto 1.5.1
7.5
CVSSv3
CVE-2020-12790
In the SEOmatic plugin prior to 3.2.49 for Craft CMS, helpers/DynamicMeta.php does not properly sanitize the URL. This leads to Server-Side Template Injection and credentials disclosure via a crafted Twig template after a semicolon.
Nystudio107 Seomatic
7.8
CVSSv3
CVE-2023-5764
A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an malicious user to use a specially crafted file to introduce templating injection when suppl...
Redhat Ansible 2.16.0
Redhat Ansible
Fedoraproject Extra Packages For Enterprise Linux 8.0
Fedoraproject Fedora 38
Fedoraproject Fedora 39
Redhat Ansible Automation Platform 2.4
Redhat Ansible Developer 1.1
Redhat Ansible Inside 1.2
7.5
CVSSv3
CVE-2020-11994
Server-Side Template Injection and arbitrary file disclosure on Camel templating components
Apache Camel
Apache Camel 2.25.0
Apache Camel 2.25.1
Oracle Enterprise Repository 11.1.1.7.0
Oracle Enterprise Manager Base Platform 13.4.0.0
Oracle Communications Diameter Signaling Router
NA
CVE-2024-34710
Wiki.js is al wiki app built on Node.js. Client side template injection exists, that could allow an malicious user to inject malicious JavaScript into the content section of pages that would execute once a victim loads the page that contains the payload. This was possible through...
9.8
CVSSv3
CVE-2021-40323
Cobbler prior to 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.
Cobbler Project Cobbler
NA
CVE-2024-24230
Komm.One CMS 10.4.2.14 has a Server-Side Template Injection (SSTI) vulnerability via the Velocity template engine. It allows remote malicious users to execute arbitrary code via a URL that specifies java.lang.Runtime in conjunction with getRuntime().exec followed by an OS command...
6.1
CVSSv3
CVE-2018-7663
An issue exists in resources/views/layouts/app.blade.php in Voten.co prior to 2017-08-25. An unescaped template literal in the bio field of a user profile (resources/views/layouts/app.blade.php) allows for server-side template injection of arbitrary JavaScript.
Voten Voten
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »