Twig: HTML-output filters in twig/* extras incorrectly declared `is_safe => ['all']`
Description Several filters in the twig/ extras packages are registered with `is_safe = 'all'`, which tells Twig's autoescaper to treat their output as safe in every context (html, js, css, url, ...). The output of these filters is plain text or HTML markup, neither of which is safe in every escaping...
PT-2026-42631
Description Several filters in the twig/ extras packages are registered with `is_safe = 'all'`, which tells Twig's autoescaper to treat their output as safe in every context (html, js, css, url, ...). The output of these filters is plain text or HTML markup, neither of which is safe in every escaping...
Cross-site Scripting (XSS)
Overview twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the spaceless filter registered with `is_safe = 'html'`. An attacker can execute arbitrary HTML or JavaScript by supplying crafted markup to...
EUVD-2018-0746
Malware in sbrugna...
EUVD-2024-0250
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-2142
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Nunjucks versions prior to version 3.2.4, it was possible to bypass the restrictions which are provided by the autoescape functionality. If there are two...
CVE-2021-39286
Webrecorder pywb before 2.6.0 allows XSS because it does not ensure that Jinja2 templates are autoescaped...
CVE-2023-2142
A flaw was found in Nunjucks versions prior to 3.2.4. This vulnerability can allow attackers to inject cross-site scripting (XSS) payloads by bypassing the autoescape functionality using a backslash (\) character when two user-controlled parameters are on the same line in the views...
CVE-2023-2142
In Nunjucks versions prior to version 3.2.4, it was possible to bypass the restrictions which are provided by the autoescape functionality. If there are two user-controlled parameters on the same line used in the views, it was possible to inject cross site scripting payloads using the backslash ...
DEBIAN-CVE-2023-2142
In Nunjucks versions prior to version 3.2.4, it was possible to bypass the restrictions which are provided by the autoescape functionality. If there are two user-controlled parameters on the same line used in the views, it was possible to inject cross site scripting payloads using the backslash ...
UBUNTU-CVE-2023-2142
In Nunjucks versions prior to version 3.2.4, it was possible to bypass the restrictions which are provided by the autoescape functionality. If there are two user-controlled parameters on the same line used in the views, it was possible to inject cross site scripting payloads using the backslash ...
CVE-2023-2142 Nunjucks autoescape bypass leads to cross site scripting
In Nunjucks versions prior to version 3.2.4, it was possible to bypass the restrictions which are provided by the autoescape functionality. If there are two user-controlled parameters on the same line used in the views, it was possible to inject cross site scripting payloads using the backslash ...
Cross-site Scripting (XSS)
Overview github.com/gofiber/template/v2/django/v2 is a template engine created by flosch. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Views interface due to improper input validation. An attacker can execute malicious scripts in users' browsers when visitin...
CVE-2024-22199
This package provides universal methods to use multiple template engines with the Fiber web framework using the Views interface. This vulnerability specifically impacts web applications that render user-supplied data through this template engine, potentially leading to the execution of malicious...
CVE-2024-22199 Django Template Engine Vulnerable to XSS
This package provides universal methods to use multiple template engines with the Fiber web framework using the Views interface. This vulnerability specifically impacts web applications that render user-supplied data through this template engine, potentially leading to the execution of malicious...
GHSA-4MQ2-GC4J-CMW6 Django Template Engine Vulnerable to XSS
Impact Vulnerability Type: Cross-Site Scripting (XSS). Affected Users: All users of the Django template engine for Fiber prior to the patch. This vulnerability specifically impacts web applications that render user-supplied data through this template engine, potentially leading to the execution of...
PT-2024-19268 · Unknown · Django Template Engine
Name of the Vulnerable Software and Affected Versions: Django template engine for Fiber versions prior to the latest patched version Description: This issue specifically impacts web applications that render user-supplied data through the Django template engine, potentially leading to the executio...