12 matches found
CVE-2025-23026
jte Java Template Engine is a secure and lightweight template engine for Java and Kotlin. In affected versions Jte HTML templates with script tags or script attributes that include a Javascript template string backticks are subject to XSS. The javaScriptBlock and javaScriptAttribute methods in th...
EUVD-2025-0046
Malicious code in bioql PyPI...
CVE-2025-23026
jte Java Template Engine is a secure and lightweight template engine for Java and Kotlin. In affected versions Jte HTML templates with script tags or script attributes that include a Javascript template string backticks are subject to XSS. The javaScriptBlock and javaScriptAttribute methods in th...
CVE-2025-23026
Summary: CVE-2025-23026 affects jte (Java Template Engine)
CVE-2025-23026 HTML templates containing Javascript template strings are subject to XSS in jte
jte Java Template Engine is a secure and lightweight template engine for Java and Kotlin. In affected versions Jte HTML templates with script tags or script attributes that include a Javascript template string backticks are subject to XSS. The javaScriptBlock and javaScriptAttribute methods in th...
CVE-2025-23026 HTML templates containing Javascript template strings are subject to XSS in jte
jte Java Template Engine is a secure and lightweight template engine for Java and Kotlin. In affected versions Jte HTML templates with script tags or script attributes that include a Javascript template string backticks are subject to XSS. The javaScriptBlock and javaScriptAttribute methods in th...
GHSA-VH22-6C6H-RM8Q jte's HTML templates containing Javascript template strings are subject to XSS
Summary Jte HTML templates with script tags or script attributes that include a Javascript template string backticks are subject to XSS. Details The javaScriptBlock and javaScriptAttribute methods in the Escape class source do not escape backticks, which are used for Javascript template strings...
ch.helvethink.odoo4java:java-odoo-xml-rpc-plugin (>=0.0.1 <=0.0.6), com.hexagonkt:templates_jte (>=3.6.0 <=3.7.3) +52 more potentially affected by CVE-2025-23026 via gg.jte:jte (>=1.0.0 <=3.1.15)
gg.jte:jte MAVEN version =1.0.0, =0.0.1, =3.6.0, =4.0.0-A1, =0.7.0, =0.5.1, =0.7.0, =0.8.0, =0.7.0, =0.1.1, =0.5.1 - eu.aronnax.smartconstraints:smartconstraints-reportaggregate =0.5.1 and more Source cves: CVE-2025-23026 Source advisory: OSV:GHSA-VH22-6C6H-RM8Q...
ch.helvethink.odoo4java:java-odoo-xml-rpc-plugin (>=0.0.1 <=0.0.6), com.hexagonkt:templates_jte (>=3.6.0 <=3.7.3) +57 more potentially affected by CVE-2025-23026 via gg.jte:jte-runtime (>=1.0.0 <=3.1.15)
gg.jte:jte-runtime MAVEN version =1.0.0, =0.0.1, =3.6.0, =4.0.0-A1, =0.7.0, =0.5.1, =0.7.0, =0.8.0, =0.7.0, =0.14.0, =0.1.1, =0.5.1 and more Source cves: CVE-2025-23026 Source advisory: OSV:GHSA-VH22-6C6H-RM8Q...
jte's HTML templates containing Javascript template strings are subject to XSS
Summary Jte HTML templates with script tags or script attributes that include a Javascript template string backticks are subject to XSS. Details The javaScriptBlock and javaScriptAttribute methods in the Escape class source do not escape backticks, which are used for Javascript template strings...
This Week in Spring - October 8th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm in Antwerp, Belgium, for the amazing Devoxx Belgium 2024 event! I am so happy to be back here, one of the best shows in the Java ecosystem! We've got a lot to get into so let's dive right in! From Spring Cloud Data Flow...
Reflectionless Templates With Spring
A few Java libraries have shown up recently that use text templates, but compile to Java classes at build time. They can thus claim to some extent to be "reflection free". Together with potential benefits of runtime performance, they promise to be easy to use and integrate with GraalVM native ima...