Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
template injection vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-45303
ThingsBoard prior to 3.5 allows Server-Side Template Injection if users are allowed to modify an email template, because Apache FreeMarker supports freemarker.template.utility.Execute (for content sent to the /api/admin/settings endpoint).
Thingsboard Thingsboard
NA
CVE-2023-29827
ejs v3.1.9 is vulnerable to server-side template injection. If the ejs file is controllable, template injection can be implemented through the configuration settings of the closeDelimiter parameter. NOTE: this is disputed by the vendor because the render function is not intended ...
Ejs Ejs 3.1.9
668
VMScore
CVE-2020-28246
A Server-Side Template Injection (SSTI) exists in Form.io 2.0.0. This leads to Remote Code Execution during deletion of the default Email template URL. NOTE: the email templating service was removed after 2020.
Form Form.io 2.0.0
NA
CVE-2023-33570
Bagisto v1.5.1 is vulnerable to Server-Side Template Injection (SSTI).
Webkul Bagisto 1.5.1
445
VMScore
CVE-2020-12790
In the SEOmatic plugin prior to 3.2.49 for Craft CMS, helpers/DynamicMeta.php does not properly sanitize the URL. This leads to Server-Side Template Injection and credentials disclosure via a crafted Twig template after a semicolon.
Nystudio107 Seomatic
NA
CVE-2023-5764
A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an malicious user to use a specially crafted file to introduce templating injection when suppl...
Redhat Ansible 2.16.0
Redhat Ansible
Fedoraproject Extra Packages For Enterprise Linux 8.0
Fedoraproject Fedora 38
Fedoraproject Fedora 39
Redhat Ansible Automation Platform 2.4
Redhat Ansible Developer 1.1
Redhat Ansible Inside 1.2
445
VMScore
CVE-2020-11994
Server-Side Template Injection and arbitrary file disclosure on Camel templating components
Apache Camel
Apache Camel 2.25.0
Apache Camel 2.25.1
Oracle Enterprise Repository 11.1.1.7.0
Oracle Enterprise Manager Base Platform 13.4.0.0
Oracle Communications Diameter Signaling Router
NA
CVE-2024-24230
Komm.One CMS 10.4.2.14 has a Server-Side Template Injection (SSTI) vulnerability via the Velocity template engine. It allows remote malicious users to execute arbitrary code via a URL that specifies java.lang.Runtime in conjunction with getRuntime().exec followed by an OS command...
383
VMScore
CVE-2018-7663
An issue exists in resources/views/layouts/app.blade.php in Voten.co prior to 2017-08-25. An unescaped template literal in the bio field of a user profile (resources/views/layouts/app.blade.php) allows for server-side template injection of arbitrary JavaScript.
Voten Voten
668
VMScore
CVE-2021-40323
Cobbler prior to 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.
Cobbler Project Cobbler
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304
CVE-2024-4240
arbitrary
CVE-2024-31601
XSS
CVE-2023-20198
CVE-2024-4256
CVE-2024-3342
encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »