Lucene search
China National Vulnerability DatabaseCNVD-2022-03902HistoryJan 06, 2022 - 12:00 a.m.
Latte Cross-Site Scripting Vulnerability
2022-01-0600:00:00
China National Vulnerability Database
www.cnvd.org.cn
4
0.001 Low
EPSS
Percentile
26.4%
Latte is a template engine for Nette Foundation’s Php. Latte in version 2.8.0 contains a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied data and output. An attacker could exploit this vulnerability to execute JavaScript code on the client side.
| CPE | Name | Operator | Version |
|---|---|---|---|
| Nette latte >=2.8.0, | lt | 2.8.8 | |
| Nette latte >=2.9.0, | lt | 2.9.6 | |
| Nette latte >=2.10.0, | lt | 2.10.8 |
Related
cve
cve
CVE-2022-21648
2022-01-04 20:15:08
osv
osv
Sandbox bypass in Latte templates
2022-01-06 23:17:07
CVE-2022-21648
2022-01-04 20:15:08
nvd
nvd
CVE-2022-21648
2022-01-04 20:15:08
debiancve
debiancve
CVE-2022-21648
2022-01-04 20:15:00
veracode
veracode
Cross-site Scripting (XSS)
2022-01-05 05:42:02
cvelist
cvelist
CVE-2022-21648 Sandbox bypass in Latte templates
2022-01-04 20:10:11
github
github
Sandbox bypass in Latte templates
2022-01-06 23:17:07
ubuntucve
ubuntucve
CVE-2022-21648
2022-01-04 00:00:00
prion
prion
Design/Logic Flaw
2022-01-04 20:15:00