63 matches found
CVE-2023-26060
An issue was discovered in Nokia NetAct before 22 FP2211. On the Working Set Manager page, users can create a Working Set with a name that has a client-side template injection payload. Input validation is missing during creation of the working set. For an external attacker, it is very difficult t...
CVE-2023-26060
An issue was discovered in Nokia NetAct before 22 FP2211. On the Working Set Manager page, users can create a Working Set with a name that has a client-side template injection payload. Input validation is missing during creation of the working set. For an external attacker, it is very difficult t...
CVE-2022-27665
Reflected XSS via AngularJS sandbox escape expressions exists in Progress Ipswitch WSFTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add fold...
CVE-2022-27665
Reflected XSS via AngularJS sandbox escape expressions exists in Progress Ipswitch WSFTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add fold...
FortiAnalyzer - XSS vulnerability due to AngularJS Client-Side Template injection
An improper neutralization of input during web page generation vulnerability CWE-79 in FortiAnalyzer may allow a remote unauthenticated attacker to perform a stored cross site scripting XSS attack via the URL parameter observed in the FortiWeb attack event logview in FortiAnalyzer...
(Pwn2Own) Microsoft Teams chat Client-Side Template Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Teams. No user interaction is required if the attacker and target are in the same Teams organization. The specific flaw exists within the rendering of chat messages. Crafted data in a chat...
CVE-2022-22112
In DayByDay CRM, versions 1.1 through 2.2.1 latest suffer from an application-wide Client-Side Template Injection CSTI. A low privileged attacker can input template injection payloads in the application at various locations to execute JavaScript on the client browser...
Design/Logic Flaw
In DayByDay CRM, versions 1.1 through 2.2.1 latest suffer from an application-wide Client-Side Template Injection CSTI. A low privileged attacker can input template injection payloads in the application at various locations to execute JavaScript on the client browser...
CVE-2022-22112 DayByDay CRM - Application-Wide Client-Side Template Injection (CSTI)
In DayByDay CRM, versions 1.1 through 2.2.1 latest suffer from an application-wide Client-Side Template Injection CSTI. A low privileged attacker can input template injection payloads in the application at various locations to execute JavaScript on the client browser...
CVE-2022-22112 DayByDay CRM - Application-Wide Client-Side Template Injection (CSTI)
In DayByDay CRM, versions 1.1 through 2.2.1 latest suffer from an application-wide Client-Side Template Injection CSTI. A low privileged attacker can input template injection payloads in the application at various locations to execute JavaScript on the client browser...
CVE-2022-22112
CVE-2022-22112 affects DayByDay CRM, versions 1.1–2.2.1. The issue is an application-wide Client-Side Template Injection (CSTI) that allows a low-privileged attacker to input template payloads at multiple locations to execute JavaScript in the client browser. The primary sources describe the vuln...
CVE-2022-22112
In DayByDay CRM, versions 1.1 through 2.2.1 latest suffer from an application-wide Client-Side Template Injection CSTI. A low privileged attacker can input template injection payloads in the application at various locations to execute JavaScript on the client browser...
CVE-2021-30214
Knowage Suite 7.3 is vulnerable to Stored Client-Side Template Injection in '/knowage/restful-services/signup/update' via the 'name' parameter...
Design/Logic Flaw
Knowage Suite 7.3 is vulnerable to Stored Client-Side Template Injection in '/knowage/restful-services/signup/update' via the 'name' parameter...
CVE-2021-30214
Knowage Suite 7.3 is vulnerable to Stored Client-Side Template Injection in '/knowage/restful-services/signup/update' via the 'name' parameter...
CVE-2020-9437
SecureAuth.aspx in SecureAuth IdP 9.3.0 suffers from a client-side template injection that allows for script execution, in the same manner as XSS...
CVE-2019-17127
A Stored Client Side Template Injection CSTI with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many application forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS. This can lead to privilege escalation...
CVE-2019-17125
A Reflected Client Side Template Injection CSTI with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS...
CVE-2019-17125
A Reflected Client Side Template Injection CSTI with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS...
CVE-2019-17127
A Stored Client Side Template Injection CSTI with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many application forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS. This can lead to privilege escalation...