CVE-2025-23026 HTML templates containing Javascript template strings are subject to XSS in jte

jte Java Template Engine is a secure and lightweight template engine for Java and Kotlin. In affected versions Jte HTML templates with script tags or script attributes that include a Javascript template string backticks are subject to XSS. The javaScriptBlock and javaScriptAttribute methods in th...

jte 安全漏洞

jte Java Template Engine is a secure and fast template for Java and Kotlin by the individual developer Andreas Hager. A security vulnerability exists in jte 3.1.15 and earlier versions, which stems from improper escaping of backquotes in JavaScript template strings and is vulnerable to cross-site...

JVN#17298485 Mayaa cross-site scripting vulnerability

Mayaa from Seasar Project is an open source Java template engine. The default error page that Mayaa displays contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Apply the latest update provided by the...

Mayaa cross-site scripting vulnerability

Overview Mayaa, a Java template engine from the Seasar Project, contains a cross-site scripting vulnerability. Mayaa from the Seasar Project is an open source Java template engine. A cross-site scripting vulnerability exists in Mayaa. Impact An arbitrary script may be executed on the user's web...