Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
template injection vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2022-32101
kkcms v1.3.7 exists to contain a SQL injection vulnerability via the cid parameter at /template/wapian/vlist.php.
Kkcms Project Kkcms 1.37
NA
CVE-2023-27292
An open redirect vulnerability exposes OpenCATS to template injection due to improper validation of user-supplied GET parameters.
Opencats Opencats 0.9.6
7.5
CVSSv2
CVE-2020-28246
A Server-Side Template Injection (SSTI) exists in Form.io 2.0.0. This leads to Remote Code Execution during deletion of the default Email template URL. NOTE: the email templating service was removed after 2020. Additionally, the vendor disputes this issue indicating this is sandb...
Form Form.io 2.0.0
7.5
CVSSv2
CVE-2021-44618
A Server-side Template Injection (SSTI) vulnerability exists in Nystudio107 Seomatic 3.4.12 in src/helpers/UrlHelper.php via the host header.
Nystudio107 Seomatic 3.4.12
6.5
CVSSv2
CVE-2019-19999
Halo prior to 1.2.0-beta.1 allows Server Side Template Injection (SSTI) because TemplateClassResolver.SAFER_RESOLVER is not used in the FreeMarker configuration.
Halo Halo
Halo Halo 1.1.3
Halo Halo 1.2.0
7.5
CVSSv2
CVE-2019-14965
An issue exists in Frappe Framework 10 through 12 prior to 12.0.4. A server side template injection (SSTI) issue exists.
Frappe Frappe
1 Github repository
6.8
CVSSv2
CVE-2021-43466
In the thymeleaf-spring5:3.0.12 component, thymeleaf combined with specific scenarios in template injection may lead to remote code execution.
Thymeleaf Thymeleaf 3.0.12
6.5
CVSSv2
CVE-2021-43097
A Server-side Template Injection (SSTI) vulnerability exists in bbs 5.3 in TemplateManageAction.javawhich could let a malicoius user execute arbitrary code.
Diyhi Bbs 5.3
3.5
CVSSv2
CVE-2021-30214
Knowage Suite 7.3 is vulnerable to Stored Client-Side Template Injection in '/knowage/restful-services/signup/update' via the 'name' parameter.
10
CVSSv2
CVE-2020-21523
A Server-Side Freemarker template injection vulnerability in halo CMS v1.1.3 In the Edit Theme File function. The ftl file can be edited. This is the Freemarker template file. This file can cause arbitrary code execution when it is rendered in the background. exp: <#assign tes...
Halo Halo 1.1.3
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »