
5 matches found

RedhatCVE
added 2026/01/09 8:58 a.m., 7 views

CVE-2023-45303

ThingsBoard before 3.5 allows Server-Side Template Injection if users are allowed to modify an email template, because Apache FreeMarker supports freemarker.template.utility.Execute for content sent to the /api/admin/settings endpoint...

CVSS 8.8 | AI score 7 | EPSS 0.00858
Exploits: 1 | References: 1

Circl
added 2023/10/06 10:13 p.m., 8 views

CVE-2023-45303

creationtimestamp | type | source
---|---|---
2023-10-06 22:13:47+00:00 | seen | https://t.me/cibsecurity/71759
2023-11-01 13:42:51+00:00 | seen | https://t.me/ETHICALHACKERSCOMMUNITY2/3224...

CVSS 8.8 | AI score 8.6 | EPSS 0.00858
Exploits: 1 | References: 2

ATTACKERKB
added 2023/10/06 7:15 p.m., 4 views

CVE-2023-45303

ThingsBoard before 3.5 allows Server-Side Template Injection if users are allowed to modify an email template, because Apache FreeMarker supports freemarker.template.utility.Execute for content sent to the /api/admin/settings endpoint...

CVSS 8.8 | AI score 7.3 | EPSS 0.00858
Exploits: 1 | References: 3

Vulnrichment
added 2023/10/06 12:00 a.m., 14 views

CVE-2023-45303

ThingsBoard before 3.5 allows Server-Side Template Injection if users are allowed to modify an email template, because Apache FreeMarker supports freemarker.template.utility.Execute for content sent to the /api/admin/settings endpoint...

CVSS 8.4 | AI score 7.4 | EPSS 0.00858
Exploits: 1 | References: 2

CVE
added 2023/10/06 12:00 a.m., 68 views

CVE-2023-45303

ThingsBoard before 3.5 is affected by a Server-Side Template Injection via Apache FreeMarker’s freemarker.template.utility.Execute when users can modify an email template and content is sent to /api/admin/settings. Connected sources (Red Hat, OSV, GHSA, CNNVD, CVE lists) confirm the injection roo...

CVSS 8.8 | AI score 8.7 | EPSS 0.00858
Exploits: 1 | References: 2 | Affected Software: 1