Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
template injection vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2021-43097
A Server-side Template Injection (SSTI) vulnerability exists in bbs 5.3 in TemplateManageAction.javawhich could let a malicoius user execute arbitrary code.
Diyhi Bbs 5.3
5.4
CVSSv3
CVE-2021-30214
Knowage Suite 7.3 is vulnerable to Stored Client-Side Template Injection in '/knowage/restful-services/signup/update' via the 'name' parameter.
6.1
CVSSv3
CVE-2023-49061
An attacker could have performed HTML template injection via Reader Mode and exfiltrated user information. This vulnerability affects Firefox for iOS < 120.
Mozilla Firefox
9.8
CVSSv3
CVE-2023-30331
An issue in the render function of beetl v3.15.0 allows malicious users to execute server-side template injection (SSTI) via a crafted payload.
Beetl Project Beetl 3.15
4.8
CVSSv3
CVE-2020-9437
SecureAuth.aspx in SecureAuth IdP 9.3.0 suffers from a client-side template injection that allows for script execution, in the same manner as XSS.
Secureauth Secureauth Identity Provider 9.3.0
7.2
CVSSv3
CVE-2023-22621
Strapi up to and including 4.5.5 allows authenticated Server-Side Template Injection (SSTI) that can be exploited to execute arbitrary code on the server. A remote attacker with access to the Strapi admin panel can inject a crafted payload that executes code on the server into an...
Strapi Strapi
3 Github repositories
7.2
CVSSv3
CVE-2021-39128
Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a server-side template injection vulnerability in the Email Template feature. The affected v...
Atlassian Jira Server
Atlassian Jira Data Center
9.8
CVSSv3
CVE-2020-9757
The SEOmatic component prior to 3.3.0 for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the metacontainers controller.
Craftcms Craft Cms
NA
CVE-2008-0139
Eval injection vulnerability in loudblog/inc/parse_old.php in Loudblog 0.8.0 and previous versions allows remote malicious users to execute arbitrary PHP code via the template parameter.
Loudblog Loudblog
1 EDB exploit
8.8
CVSSv3
CVE-2021-42651
A Server Side Template Injection (SSTI) vulnerability in Pentest-Collaboration-Framework v1.0.8 allows an authenticated remote malicious user to execute arbitrary code through /project/PROJECTNAME/reports/.
Pentest Collaboration Framework Project Pentest Collaboration Framework 1.0.8
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040
privilege escalation
CVE-2024-4112
CVE-2024-32872
man-in-the-middle
CVE-2024-32788
bypass
CVE-2024-3400
CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »