7 matches found
CVE-2026-28228
OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. Prior to versions 19.1.31, 20.1.18, and 20.2.5, an authenticated user with the Author role can inject Velocity directives into a reminder email template. When the reminder is processed...
CVE-2026-28228
OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. Prior to versions 19.1.31, 20.1.18, and 20.2.5, an authenticated user with the Author role can inject Velocity directives into a reminder email template. When the reminder is processed...
CVE-2026-28228 OpenOLAT: Server-Side Template Injection (SSTI) in Velocity templates allows Remote Code Execution
OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. Prior to versions 19.1.31, 20.1.18, and 20.2.5, an authenticated user with the Author role can inject Velocity directives into a reminder email template. When the reminder is processed...
EUVD-2026-17201
OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. Prior to versions 19.1.31, 20.1.18, and 20.2.5, an authenticated user with the Author role can inject Velocity directives into a reminder email template. When the reminder is processed...
CVE-2026-28228
OpenOLAT SAS/Velocity SSTI vulnerability (CVE-2026-28228) allows an authenticated author to inject Velocity directives into a reminder email; when processed, directives are evaluated server-side via Velocity #set chained with Java reflection, enabling arbitrary Java class execution (e.g., Process...
CVE-2026-28228 OpenOLAT: Server-Side Template Injection (SSTI) in Velocity templates allows Remote Code Execution
OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. Prior to versions 19.1.31, 20.1.18, and 20.2.5, an authenticated user with the Author role can inject Velocity directives into a reminder email template. When the reminder is processed...
BlueCoat CAS 1.3.7.1 Privilege Escalation
Exploit Title: OS Command Injection Vulnerability in BlueCoat ASG and CAS Date: April 3, 2017 Exploit Authors: Chris Hebert, Peter Paccione and Corey Boyd Contact: chrisdhebertatgmail.com Vendor Security Advisory: https://bto.bluecoat.com/security-advisory/sa138 Version: CAS 1.3 prior to 1.3.7.4 ...