55 matches found
EUVD-2002-1028
Malware in sbrugna...
EUVD-2002-1026
Malware in sbrugna...
EUVD-2002-1027
Malware in sbrugna...
EUVD-2005-0889
Malware in sbrugna...
EUVD-2005-0888
Malware in sbrugna...
EUVD-2022-0484
Malicious code in bioql PyPI...
EUVD-2022-0431
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-23803
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This affects the package latte/latte before 2.10.6. There is a way to bypass allowFunctions that will affect the security of the application. When the template ...
Linux Distros Unpatched Vulnerability : CVE-2022-21648
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Latte is an open source template engine for PHP. Versions since 2.8.0 Latte has included a template sandbox and in affected versions it has been found that a...
CVE-2022-21648
Latte is an open source template engine for PHP. Versions since 2.8.0 Latte has included a template sandbox and in affected versions it has been found that a sandbox escape exists allowing for injection into web pages generated from Latte. This may lead to XSS attacks. The issue is fixed in the...
GHSA-36M2-8RHX-F36J Sandbox bypass in Latte templates
Impact The problem affects users who use the sandbox in Latte and templates from untrusted sources. Patches Sandbox first appeared in Latte 2.8.0. The issue is fixed in the versions 2.8.8, 2.9.6 and 2.10.8. References The issues were discovered by - JinYiTong https://github.com/JinYiTong - 赵钰迪...
Sandbox bypass in Latte templates
Impact The problem affects users who use the sandbox in Latte and templates from untrusted sources. Patches Sandbox first appeared in Latte 2.8.0. The issue is fixed in the versions 2.8.8, 2.9.6 and 2.10.8. References The issues were discovered by - JinYiTong https://github.com/JinYiTong - 赵钰迪...
GHSA-6PJ2-5FQQ-XVJC Incorrect Authorization in latte/latte
This affects the package latte/latte before 2.10.6. There is a way to bypass allowFunctions that will affect the security of the application. When the template is set to allow/disallow the use of certain functions, adding control characters x00-x08 after the function will bypass these restriction...
Latte Cross-Site Scripting Vulnerability
Latte is a template engine for Nette Foundation's PHP. Latte in version 2.8.0 contains a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied data and output. An attacker could exploit this vulnerability to execute JavaScript code on the client...
Cross-site Scripting (XSS)
latte/latte is vulnerable to cross-site scripting. The vulnerability exists because the library allows escaping the template sandbox through the 'validateTokens' function in 'PhpWriter.php', allowing an attacker to inject script into web pages, and it leads to XSS attack...
Design/Logic Flaw
Latte is an open source template engine for PHP. Versions since 2.8.0 Latte has included a template sandbox and in affected versions it has been found that a sandbox escape exists allowing for injection into web pages generated from Latte. This may lead to XSS attacks. The issue is fixed in the...
UBUNTU-CVE-2022-21648
Latte is an open source template engine for PHP. Versions since 2.8.0 Latte has included a template sandbox and in affected versions it has been found that a sandbox escape exists allowing for injection into web pages generated from Latte. This may lead to XSS attacks. The issue is fixed in the...
CVE-2022-21648
Latte (PHP template engine) versions since 2.8.0 expose a sandbox escape in the built-in template sandbox, allowing injection into HTML pages generated from Latte and potentially enabling XSS. The issue is confirmed by multiple sources and is fixed in versions 2.8.8, 2.9.6, and 2.10.8. If upgradin...