Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 5:9 p.m.5 views

CVE-2020-28246

A Server-Side Template Injection SSTI was discovered in Form.io 2.0.0. This leads to Remote Code Execution during deletion of the default Email template URL. NOTE: the email templating service was removed after 2020. Additionally, the vendor disputes this issue indicating this is sandboxed and on...

9.8CVSS7.8AI score0.02177EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/06/03 12:0 a.m.5 views

formio-workers (>=1.0.0 <=1.5.0), ng2-formio (>=1.0.0-rc.24 <=1.0.0-rc.28) +1 more potentially affected by CVE-2020-28246 via formio (=1.91.13)

formio NPM version =1.91.13 is affected by a known vulnerability. The following packages have a transitive dependency on formio and may be impacted: - formio-workers =1.0.0, =1.0.0-rc.24, =1.0.0-rc.28 - v-formio-custom-component =0.1.1 Source cves: CVE-2020-28246 Source advisory:...

9.8CVSS7.2AI score0.02177EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2022/05/31 12:0 a.m.10 views

CVE-2020-28246

A Server-Side Template Injection SSTI was discovered in Form.io 2.0.0. This leads to Remote Code Execution during deletion of the default Email template URL. NOTE: the email templating service was removed after 2020. Additionally, the vendor disputes this issue indicating this is sandboxed and on...

7.8AI score0.02177EPSS
Exploits0References2
CVE
CVE
added 2022/05/31 12:0 a.m.1764 views

CVE-2020-28246

CVE-2020-28246 describes a Server-Side Template Injection (SSTI) in Form.io 2.0.0 that leads to Remote Code Execution during the deletion of the default Email template URL. The vulnerability stems from the SSTI in the templating flow; the email templating service was removed after 2020, and Form....

9.8CVSS9.8AI score0.02177EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder