Vulmon
template injection vulnerabilities and exploits
CVE-2021-31635 (CVSSv3 9.8)
Server-Side Template Injection (SSTI) vulnerability in jFinal v.4.9.08 allows a remote malicious user to execute arbitrary code via the template function.
Jfinal Jfinal 4.9.08
CVE-2022-34625 (CVSSv3 7.2)
Mealie 1.0.0beta3 contains a Server-Side Template Injection vulnerability, which allows malicious users to execute arbitrary code via a crafted Jinja2 template.
Mealie Project Mealie 1.0.0
CVE-2022-22112 (CVSSv3 5.4)
DayByDay CRM versions 1.1 up to and including 2.2.1 (latest) suffer from an application-wide Client-Side Template Injection (CSTI). A low privileged attacker can input template injection payloads in the application at various locations to execute JavaScript on the client brow...
Daybydaycrm Daybyday
CVE-2020-28246 (CVSSv3 9.8)
A Server-Side Template Injection (SSTI) exists in Form.io 2.0.0. This leads to Remote Code Execution during deletion of the default Email template URL.
Form Form.io 2.0.0
CVE-2023-6436 (CVSSv3 9.8)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ekol Informatics Website Template allows SQL Injection. This issue affects Website Template: up to and including 20231215.
Ekolbilisim Web Sablonu Yazilimi
CVE-2021-35450 (CVSSv3 7.2)
A Server-Side Template Injection in the Entando Admin Console 6.3.9 and before allows a user with privileges to execute a FreeMarker template with command execution via freemarker.template.utility.Execute.
Entando Admin Console
CVE-2024-22533 (CVSSv3 9.8)
Before Beetl v3.15.12, the rendering template has a server-side template injection (SSTI) vulnerability. When the incoming template is controllable, it will be filtered by the DefaultNativeSecurityManager blacklist. Because blacklist filtering is not strict, the blacklist can be ...
Xiandafu Beetl 3.15.12
CVE-2012-5777 (CVSSv3 NA)
Eval injection vulnerability in the ReplaceListVars function in the template parser in e/class/connect.php in EmpireCMS 6.6 allows user-assisted remote malicious users to execute arbitrary PHP code via a crafted template.
Phome Empirecms 6.6
CVE-2023-49214 (CVSSv3 9.8)
Usedesk prior to 1.7.57 allows chat template injection.
Usedesk Usedesk
CVE-2023-45303 (CVSSv3 8.8)
ThingsBoard prior to 3.5 allows Server-Side Template Injection if users are allowed to modify an email template, because Apache FreeMarker supports freemarker.template.utility.Execute (for content sent to the /api/admin/settings endpoint).
Thingsboard Thingsboard