33 matches found
livehelperchat Security Breach
livehelperchat is an open source application that provides free live support on a website through live helperchat. A security vulnerability exists in livehelperchat version 4.28v, which stems from the presence of a Server Template Injection SSTI vulnerability...
CVE-2023-47097
A Stored Cross-Site Scripting XSS vulnerability in the Server Template under System Setting in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Template name field while creating server templates...
CVE-2023-47097
A Stored Cross-Site Scripting XSS vulnerability in the Server Template under System Setting in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Template name field while creating server templates...
CVE-2023-47097
The CVE-2023-47097 issue affects Virtualmin 7.7, specifically the Server Templates feature under System Settings. A Stored XSS can occur through the Template name field when creating server templates, enabling remote attackers to inject arbitrary script/HTML. Root cause: input handling in the Tem...
CVE-2023-47097
A Stored Cross-Site Scripting XSS vulnerability in the Server Template under System Setting in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Template name field while creating server templates...
MAL-2022-2742 Malicious code in engage-digital-source-server-template-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d0c97fe821ca3d5c78fb60b3fe09444c3b2792eba5cbf65779f0b9e8b78cf9c6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2021-46362
A Server-Side Template Injection SSTI vulnerability in the Registration and Forgotten Password forms of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted payload entered into the fullname parameter...
vulhub
It is an offensive tool for vulnerable environments. The repository contains a collection of pre-built vulnerable docker environments, including Flask SSTI, Apache Parsing Vulnerability, and more. The tool is designed to be used for testing and training purposes, allowing users to practice...
vulhub
It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not explicitly stated, but it appears to be a collection of various vulnerabilities, including but not limited to, SQL injection, cross-site scripting XSS, and server-side templa...
CVE-2019-20409
The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote code execution if they were able to exploit a server side template injection vulnerability...
vulhub
It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability is a Flask SSTI Server-Side Template Injection vulnerability. The target product/service is Flask, a Python web framework. The probable entry point is the flask/ssti directory, where the...
PYSEC-2019-155
python-dbusmock before version 0.15.1 AddTemplate D-Bus method call or DBusTestCase.spawnservertemplate method could be tricked into executing malicious code if an attacker supplies a .pyc file...
DEBIAN-CVE-2015-1326
python-dbusmock before version 0.15.1 AddTemplate D-Bus method call or DBusTestCase.spawnservertemplate method could be tricked into executing malicious code if an attacker supplies a .pyc file...