5 matches found
CVE-2023-45303
ThingsBoard before 3.5 allows Server-Side Template Injection if users are allowed to modify an email template, because Apache FreeMarker supports freemarker.template.utility.Execute for content sent to the /api/admin/settings endpoint...
CVE-2023-45303
creationtimestamp | type | source
---|---|---
2023-10-06 22:13:47+00:00 | seen | https://t.me/cibsecurity/71759
2023-11-01 13:42:51+00:00 | seen | https://t.me/ETHICALHACKERSCOMMUNITY2/3224...
CVE-2023-45303
ThingsBoard before 3.5 allows Server-Side Template Injection if users are allowed to modify an email template, because Apache FreeMarker supports freemarker.template.utility.Execute for content sent to the /api/admin/settings endpoint...
CVE-2023-45303
ThingsBoard before 3.5 allows Server-Side Template Injection if users are allowed to modify an email template, because Apache FreeMarker supports freemarker.template.utility.Execute for content sent to the /api/admin/settings endpoint...
CVE-2023-45303
ThingsBoard before 3.5 is affected by a Server-Side Template Injection via Apache FreeMarker’s freemarker.template.utility.Execute when users can modify an email template and content is sent to /api/admin/settings. Connected sources (Red Hat, OSV, GHSA, CNNVD, CVE lists) confirm the injection roo...