54 matches found
CVE-2025-65271
Client-side template injection (CSTI) in Azuriom CMS admin dashboard allows a low-privilege user to execute arbitrary template code in the context of an administrator's session. This can occur via plugins or dashboard components that render untrusted user input, potentially enabling privilege...
CVE-2025-66572
Loaded Commerce 6.6 contains a client-side template injection vulnerability via the search parameter that allows unauthenticated attackers to execute arbitrary code in the victim's browser context when they visit a crafted URL...
EUVD-2019-7585
Malware in sbrugna...
EUVD-2019-7586
Malware in sbrugna...
EUVD-2022-27261
Malicious code in bioql PyPI...
EUVD-2024-51991
Malicious code in bioql PyPI...
CVE-2024-46366
A Client-side Template Injection (CSTI) vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to execute arbitrary client-side template code by injecting a malicious payload during the lead creation process. This can lead to privilege escalation when the payload is executed, granting the...
CVE-2024-53554
A Client-Side Template Injection (CSTI) vulnerability in the component /project/new/scrum of Taiga v 8.6.1 allows remote attackers to execute arbitrary code by injecting a malicious payload within the new project details...
CVE-2024-56174
In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from client-side template injection in search history...
CVE-2024-37846
MangoOS before 5.2.0 was discovered to contain a Client-Side Template Injection (CSTI) vulnerability via the Platform Management Edit page...
CVE-2020-9437
SecureAuth.aspx in SecureAuth IdP 9.3.0 suffers from a client-side template injection that allows for script execution, in the same manner as XSS...
CVE-2019-17125
A Reflected Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS...
Loaded Commerce 6.6 Client-Side Template Injection
Loaded Commerce version 6.6 suffers from a client-side template injection vulnerability. Exploit Title: Loaded Commerce 6.6 Client-Side Template Injection (CSTI) AngularJS Date: 03/13/2025 Exploit Author: tmrswrr Vendor Homepage: https://loadedcommerce.com/ Version: 6.6 Tested on:...
CVE-2024-56175
In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from client-side template injection in list item names...
CVE-2024-56174
Optimizely Configured Commerce prior to 5.2.2408 is affected by a stored XSS due to client-side template injection in search history. The vulnerability arises from storing malicious payloads that may be executed in users’ browsers under certain conditions. Affected software: Optimizely Configured...
CVE-2024-56175
CVE-2024-56175 affects Optimizely Configured Commerce prior to 5.2.2408. The vulnerability arises from a client-side template injection in list item names, enabling stored XSS where malicious payloads can be stored and later executed in users’ browsers under specific conditions. Affected versions...