54 matches found
CVE-2024-56174
In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from client-side template injection in search history...
CVE-2024-53554
A Client-Side Template Injection (CSTI) vulnerability in the component /project/new/scrum of Taiga v8.6.1 allows remote attackers to execute arbitrary code by injecting a malicious payload within the new project details...
PT-2024-35774 · Taiga · Taiga
Name of the Vulnerable Software and Affected Versions: Taiga version 8.6.1. Description: A Client-Side Template Injection (CSTI) issue in the /project/new/scrum component allows remote attackers to execute arbitrary code by injecting a malicious payload within the new project details. Recommendation...
CVE-2024-53554
Taiga v8.6.1 is affected by a Client-Side Template Injection (CSTI) in the /project/new/scrum component. An attacker can remotely execute arbitrary code by injecting a malicious payload into new project details. The documents do not provide exploit details or confirmation of a fix at this time.
CVE-2024-37846
MangoOS before 5.2.0 was discovered to contain a Client-Side Template Injection (CSTI) vulnerability via the Platform Management Edit page...
CVE-2024-46366
A Client-side Template Injection (CSTI) vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to execute arbitrary client-side template code by injecting a malicious payload during the lead creation process. This can lead to privilege escalation when the payload is executed, granting the...
CVE-2024-46366
Webkul Krayin CRM 1.3.0 is affected by a Client-side Template Injection (CSTI) vulnerability during lead creation, allowing an attacker to inject malicious template code and potentially escalate privileges within the CRM. No exploit details are provided in the available documents. The Red Hat PT ...
Bagisto 2.1.2 Client-Side Template Injection
Exploit Title: Bagisto 2.1.2 Client-Side Template Injection (CSTI) VueJS Date: 06/18/2024 Exploit Author: tmrswrr Vendor Homepage: https://forums.bagisto.com/ Version: 2.1.2 Tested on: https://demo.bagisto.com/ https://demo.bagisto.com/bagisto-common/search?query=77 49...
GO-2024-2875 Wiki.js Stored XSS through Client Side Template Injection in github.com/requarks/wiki
Wiki.js Stored XSS through Client Side Template Injection in github.com/requarks/wiki...
Akaunting 3.1.8 Client-Side Template Injection
Exploit Title: Akaunting 3.1.8 - Client Side Template Injection (CSTI) Exploit Author: tmrswrr Date: 30/05/2024 Vendor: https://akaunting.com/forum Software Link: https://akaunting.com/apps/crm Vulnerable Versions: 3.1.8 1. Login with admin cred and go to: Currencies New Currency...
CVE-2024-34710 Wiki.js Stored XSS through Client Side Template Injection
Wiki.js is a wiki app built on Node.js. Client side template injection was discovered, that could allow an attacker to inject malicious JavaScript into the content section of pages that would execute once a victim loads the page that contains the payload. This was possible through the injection ...
CVE-2023-26060
An issue was discovered in Nokia NetAct before 22 FP2211. On the Working Set Manager page, users can create a Working Set with a name that has a client-side template injection payload. Input validation is missing during creation of the working set. For an external attacker, it is very difficult t...
Input validation
An issue was discovered in Nokia NetAct before 22 FP2211. On the Working Set Manager page, users can create a Working Set with a name that has a client-side template injection payload. Input validation is missing during creation of the working set. For an external attacker, it is very difficult t...
CVE-2022-27665
Reflected XSS via AngularJS sandbox escape expressions exists in Progress Ipswitch WSFTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add fold...
FortiAnalyzer - XSS vulnerability due to AngularJS Client-Side Template injection
An improper neutralization of input during web page generation vulnerability (CWE-79) in FortiAnalyzer may allow a remote unauthenticated attacker to perform a stored cross-site scripting (XSS) attack via the URL parameter observed in the FortiWeb attack event logview in FortiAnalyzer...