39 matches found
FileBrowser Quantum: Stored XSS in public share page via unsanitized share metadata (text/template misuse)
Summary Stored XSS is possible via share metadata fields e.g., title, description that are rendered into HTML for /public/share/ without context-aware escaping. The server uses text/template instead of html/template, allowing injected scripts to execute when victims visit the share URL. Details T...
CVE-2026-28279
osctrl is an osquery management solution. Prior to version 0.5.0, an OS command injection vulnerability exists in the osctrl-admin environment configuration. An authenticated administrator can inject arbitrary shell commands via the hostname parameter when creating or editing environments. These...
EUVD-2018-11220
Malware in sbrugna...
Vitess allows HTML injection in /debug/querylogz & /debug/env
Summary The /debug/querylogz and /debug/env pages for vtgate and vttablet do not properly escape user input. The result is that queries executed by Vitess can write HTML into the monitoring page at will. Details These pages are rendered using text/template instead of rendering with a proper HTML...
GHSA-7MWH-Q3XM-QH6P Vitess allows HTML injection in /debug/querylogz & /debug/env
Summary The /debug/querylogz and /debug/env pages for vtgate and vttablet do not properly escape user input. The result is that queries executed by Vitess can write HTML into the monitoring page at will. Details These pages are rendered using text/template instead of rendering with a proper HTML...
[SECURITY] Fedora 35 Update: golang-github-nicksnyder-i18n-2-2.1.2-5.fc35
go-i18n is a Go package and a command that helps you translate Go programs in to multiple languages. - Supports pluralized strings for all 200+ languages in the Unicode Common Locale Data Repository CLDR. - Code and tests are automatically generated from CLDR data. - Supports strings with named...
new packages: perl-Text-Template
An update is available for perl-Text-Template. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...
new module: perl:5.30
An update is available for perl-Pod-Perldoc, perl-DBI, perl-Pod-Escapes, perl-Devel-PPPort, perl-Pod-Usage, perl-Sub-Exporter, perl-perlfaq, perl-Object-HashBase, perl-CPAN-Meta-YAML, perl-Digest, perl-podlators, perl-bignum, perl-Text-ParseWords, perl-Text-Template, perl-DBD-MySQL, perl-Text-Glo...
CVE-2018-19531
HTTL aka Hyper-Text Template Language through 1.0.11 allows remote command execution because the decodeXml function uses java.beans.XMLEncoder unsafely when configured without an xml.codec= setting...
CVE-2018-19530
HTTL aka Hyper-Text Template Language through 1.0.11 allows remote command execution because the decodeXml function uses XStream unsafely when configured with an xml.codec=httl.spi.codecs.XstreamCodec setting...
CVE-2018-19530
HTTL aka Hyper-Text Template Language through 1.0.11 allows remote command execution because the decodeXml function uses XStream unsafely when configured with an xml.codec=httl.spi.codecs.XstreamCodec setting...
CVE-2018-19531
HTTL aka Hyper-Text Template Language through 1.0.11 allows remote command execution because the decodeXml function uses java.beans.XMLEncoder unsafely when configured without an xml.codec= setting...
CVE-2018-19531
HTTL (Hyper-Text Template Language) 1.0.11 and earlier is vulnerable to remote command execution due to unsafe use of java.beans.XMLEncoder in decodeXml when xml.codec is not configured. This is documented across multiple sources (NVD entry CVE-2018-19531, Veracode note, and OSV/CVE references). ...
CVE-2018-19530
HTTL (Hyper-Text Template Language)
HTTL Remote Command Execution Vulnerability
HTTL also known as Hyper-Text Template Language is an open source Java template engine , it is mainly used for dynamic HTML page output . HTTL 1.0.11 and earlier versions of a security vulnerability , the vulnerability stems from the failure to configure the xml.codec , the program defaults to us...
HTTL Remote Command Execution Vulnerability (CNVD-2019-05940)
HTTL also known as Hyper-Text Template Language is an open source Java template engine , it is mainly used for dynamic HTML page output . HTTL 1.0.11 and earlier versions of the 'decodeXml' function has a security vulnerability that stems from the fact that when configured with...
DEBIAN-CVE-2005-0870
Multiple cross-site scripting XSS vulnerabilities in phpSysInfo 2.3, when registerglobals is enabled, allow remote attackers to inject arbitrary web script or HTML via the 1 sensorprogram parameter to index.php, 2 textlanguage, 3 texttemplate, or 4 hidepicklist parameter to systemfooter.php...
CVE-2005-0870
Multiple cross-site scripting XSS vulnerabilities in phpSysInfo 2.3, when registerglobals is enabled, allow remote attackers to inject arbitrary web script or HTML via the 1 sensorprogram parameter to index.php, 2 textlanguage, 3 texttemplate, or 4 hidepicklist parameter to systemfooter.php...
CVE-2005-0870
Multiple cross-site scripting XSS vulnerabilities in phpSysInfo 2.3, when registerglobals is enabled, allow remote attackers to inject arbitrary web script or HTML via the 1 sensorprogram parameter to index.php, 2 textlanguage, 3 texttemplate, or 4 hidepicklist parameter to systemfooter.php...