template injection vulnerabilities and exploits
9.8
CVSSv3
CVE-2019-10100
In JetBrains YouTrack Confluence plugin versions prior to 1.8.1.3, it was possible to achieve Server Side Template Injection. The attacker could add an Issue macro to the page in Confluence, and use a combination of a valid id field and specially crafted code in the link-text-tem...
Jetbrains Youtrack Integration
5.4
CVSSv3
CVE-2021-30214
Knowage Suite 7.3 is vulnerable to Stored Client-Side Template Injection in '/knowage/restful-services/signup/update' via the 'name' parameter.
7.2
CVSSv3
CVE-2021-43097
A Server-side Template Injection (SSTI) vulnerability exists in bbs 5.3 in TemplateManageAction.java, which could let a malicious user execute arbitrary code.
Diyhi Bbs 5.3
9.8
CVSSv3
CVE-2023-30331
An issue in the render function of beetl v3.15.0 allows malicious users to execute server-side template injection (SSTI) via a crafted payload.
Beetl Project Beetl 3.15
6.1
CVSSv3
CVE-2023-49061
An attacker could have performed HTML template injection via Reader Mode and exfiltrated user information. This vulnerability affects Firefox for iOS < 120.
Mozilla Firefox
4.8
CVSSv3
CVE-2020-9437
SecureAuth.aspx in SecureAuth IdP 9.3.0 suffers from a client-side template injection that allows for script execution, in the same manner as XSS.
Secureauth Secureauth Identity Provider 9.3.0
7.2
CVSSv3
CVE-2023-22621
Strapi up to and including 4.5.5 allows authenticated Server-Side Template Injection (SSTI) that can be exploited to execute arbitrary code on the server. A remote attacker with access to the Strapi admin panel can inject a crafted payload that executes code on the server into an...
Strapi Strapi
3 Github repositories
7.2
CVSSv3
CVE-2021-39128
Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a server-side template injection vulnerability in the Email Template feature. The affected v...
Atlassian Jira Server
Atlassian Jira Data Center
9.8
CVSSv3
CVE-2020-9757
The SEOmatic component prior to 3.3.0 for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the metacontainers controller.
Craftcms Craft Cms
NA
CVE-2008-0139
Eval injection vulnerability in loudblog/inc/parse_old.php in Loudblog 0.8.0 and previous versions allows remote malicious users to execute arbitrary PHP code via the template parameter.
Loudblog Loudblog
1 EDB exploit