6 matches found
CVE-2022-21648
Latte is an open source template engine for PHP. Versions since 2.8.0 Latte has included a template sandbox and in affected versions it has been found that a sandbox escape exists allowing for injection into web pages generated from Latte. This may lead to XSS attacks. The issue is fixed in the...
CVE-2022-21648
creationtimestamp| type| source ---|---|--- 2022-01-04 22:38:29+00:00| seen| https://t.me/cibsecurity/34955...
CVE-2022-21648
Latte is an open source template engine for PHP. Versions since 2.8.0 Latte has included a template sandbox and in affected versions it has been found that a sandbox escape exists allowing for injection into web pages generated from Latte. This may lead to XSS attacks. The issue is fixed in the...
CVE-2022-21648
Latte is an open source template engine for PHP. Versions since 2.8.0 Latte has included a template sandbox and in affected versions it has been found that a sandbox escape exists allowing for injection into web pages generated from Latte. This may lead to XSS attacks. The issue is fixed in the...
CVE-2022-21648
Latte (PHP template engine) versions since 2.8.0 expose a sandbox escape in the built-in template sandbox, allowing injection into HTML pages generated from Latte and potentially enabling XSS. The issue is confirmed by multiple sources and is fixed in version 2.8.8, 2.9.6, and 2.10.8. If upgradin...
CVE-2022-21648 Sandbox bypass in Latte templates
Latte is an open source template engine for PHP. Versions since 2.8.0 Latte has included a template sandbox and in affected versions it has been found that a sandbox escape exists allowing for injection into web pages generated from Latte. This may lead to XSS attacks. The issue is fixed in the...