A stored Cross-Site Template Injection vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute template language-specific instructions in the context of the server. (CVE-2022-27662)
Impact
If successful, an attacker can cause the server to parse template language-specific commands in order to inject HTML or JavaScript, which will be executed in the context of the currently logged-in user.