Lucene search
K

12 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 9:17 a.m.8 views

CVE-2025-23026

jte Java Template Engine is a secure and lightweight template engine for Java and Kotlin. In affected versions Jte HTML templates with script tags or script attributes that include a Javascript template string backticks are subject to XSS. The javaScriptBlock and javaScriptAttribute methods in th...

6.1CVSS6.6AI score0.00285EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-0046

Malicious code in bioql PyPI...

6.1CVSS6.4AI score0.00285EPSS
Exploits0References6
NVD
NVD
added 2025/01/13 8:15 p.m.17 views

CVE-2025-23026

jte Java Template Engine is a secure and lightweight template engine for Java and Kotlin. In affected versions Jte HTML templates with script tags or script attributes that include a Javascript template string backticks are subject to XSS. The javaScriptBlock and javaScriptAttribute methods in th...

6.1CVSS0.00285EPSS
Exploits0References3
CVE
CVE
added 2025/01/13 7:36 p.m.35 views

CVE-2025-23026

Summary: CVE-2025-23026 affects jte (Java Template Engine)

6.1CVSS6.2AI score0.00285EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/01/13 7:36 p.m.13 views

CVE-2025-23026 HTML templates containing Javascript template strings are subject to XSS in jte

jte Java Template Engine is a secure and lightweight template engine for Java and Kotlin. In affected versions Jte HTML templates with script tags or script attributes that include a Javascript template string backticks are subject to XSS. The javaScriptBlock and javaScriptAttribute methods in th...

6.1CVSS6.7AI score0.00285EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/01/13 7:36 p.m.18 views

CVE-2025-23026 HTML templates containing Javascript template strings are subject to XSS in jte

jte Java Template Engine is a secure and lightweight template engine for Java and Kotlin. In affected versions Jte HTML templates with script tags or script attributes that include a Javascript template string backticks are subject to XSS. The javaScriptBlock and javaScriptAttribute methods in th...

6.1CVSS0.00285EPSS
Exploits0References3
OSV
OSV
added 2025/01/13 4:57 p.m.2 views

GHSA-VH22-6C6H-RM8Q jte's HTML templates containing Javascript template strings are subject to XSS

Summary Jte HTML templates with script tags or script attributes that include a Javascript template string backticks are subject to XSS. Details The javaScriptBlock and javaScriptAttribute methods in the Escape class source do not escape backticks, which are used for Javascript template strings...

6.1CVSS5.9AI score0.00285EPSS
Exploits0References6
vulnersOsv
vulnersOsv
added 2025/01/13 4:57 p.m.8 views

ch.helvethink.odoo4java:java-odoo-xml-rpc-plugin (>=0.0.1 <=0.0.6), com.hexagonkt:templates_jte (>=3.6.0 <=3.7.3) +52 more potentially affected by CVE-2025-23026 via gg.jte:jte (>=1.0.0 <=3.1.15)

gg.jte:jte MAVEN version =1.0.0, =0.0.1, =3.6.0, =4.0.0-A1, =0.7.0, =0.5.1, =0.7.0, =0.8.0, =0.7.0, =0.1.1, =0.5.1 - eu.aronnax.smartconstraints:smartconstraints-reportaggregate =0.5.1 and more Source cves: CVE-2025-23026 Source advisory: OSV:GHSA-VH22-6C6H-RM8Q...

6.1CVSS5.8AI score0.00285EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/01/13 4:57 p.m.6 views

ch.helvethink.odoo4java:java-odoo-xml-rpc-plugin (>=0.0.1 <=0.0.6), com.hexagonkt:templates_jte (>=3.6.0 <=3.7.3) +57 more potentially affected by CVE-2025-23026 via gg.jte:jte-runtime (>=1.0.0 <=3.1.15)

gg.jte:jte-runtime MAVEN version =1.0.0, =0.0.1, =3.6.0, =4.0.0-A1, =0.7.0, =0.5.1, =0.7.0, =0.8.0, =0.7.0, =0.14.0, =0.1.1, =0.5.1 and more Source cves: CVE-2025-23026 Source advisory: OSV:GHSA-VH22-6C6H-RM8Q...

6.1CVSS5.8AI score0.00285EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2025/01/13 4:57 p.m.21 views

jte's HTML templates containing Javascript template strings are subject to XSS

Summary Jte HTML templates with script tags or script attributes that include a Javascript template string backticks are subject to XSS. Details The javaScriptBlock and javaScriptAttribute methods in the Escape class source do not escape backticks, which are used for Javascript template strings...

6.1CVSS6AI score0.00285EPSS
Exploits0References6Affected Software2
Spring Security Advisories
Spring Security Advisories
added 2024/10/08 12:0 a.m.7 views

This Week in Spring - October 8th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm in Antwerp, Belgium, for the amazing Devoxx Belgium 2024 event! I am so happy to be back here, one of the best shows in the Java ecosystem! We've got a lot to get into so let's dive right in! From Spring Cloud Data Flow...

7.2AI score
Exploits0
Spring Security Advisories
Spring Security Advisories
added 2024/03/22 12:0 a.m.30 views

Reflectionless Templates With Spring

A few Java libraries have shown up recently that use text templates, but compile to Java classes at build time. They can thus claim to some extent to be "reflection free". Together with potential benefits of runtime performance, they promise to be easy to use and integrate with GraalVM native ima...

7.2AI score
Exploits0
Rows per page
Query Builder