Lucene search
K

33 matches found

CNNVD
CNNVD
added 2024/02/29 12:0 a.m.5 views

livehelperchat Security Breach

livehelperchat is an open source application that provides free live support on a website through live helperchat. A security vulnerability exists in livehelperchat version 4.28v, which stems from the presence of a Server Template Injection SSTI vulnerability...

9.8CVSS7AI score0.01472EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/11/01 12:15 a.m.3 views

CVE-2023-47097

A Stored Cross-Site Scripting XSS vulnerability in the Server Template under System Setting in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Template name field while creating server templates...

5.4CVSS5.9AI score0.00407EPSS
Exploits1References2
OSV
OSV
added 2023/11/01 12:15 a.m.6 views

CVE-2023-47097

A Stored Cross-Site Scripting XSS vulnerability in the Server Template under System Setting in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Template name field while creating server templates...

5.4CVSS5.9AI score0.00407EPSS
Exploits1References1
CVE
CVE
added 2023/10/31 12:0 a.m.71 views

CVE-2023-47097

The CVE-2023-47097 issue affects Virtualmin 7.7, specifically the Server Templates feature under System Settings. A Stored XSS can occur through the Template name field when creating server templates, enabling remote attackers to inject arbitrary script/HTML. Root cause: input handling in the Tem...

5.4CVSS5.2AI score0.00407EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/10/31 12:0 a.m.14 views

CVE-2023-47097

A Stored Cross-Site Scripting XSS vulnerability in the Server Template under System Setting in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Template name field while creating server templates...

5.5AI score0.00407EPSS
Exploits1References1
OSV
OSV
added 2022/06/20 8:17 p.m.4 views

MAL-2022-2742 Malicious code in engage-digital-source-server-template-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d0c97fe821ca3d5c78fb60b3fe09444c3b2792eba5cbf65779f0b9e8b78cf9c6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
added 2022/02/11 9:15 p.m.3 views

CVE-2021-46362

A Server-Side Template Injection SSTI vulnerability in the Registration and Forgotten Password forms of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted payload entered into the fullname parameter...

9.8CVSS6.1AI score0.04663EPSS
Exploits1References2
Gitee
Gitee
added 2020/07/23 12:15 p.m.5 views

vulhub

It is an offensive tool for vulnerable environments. The repository contains a collection of pre-built vulnerable docker environments, including Flask SSTI, Apache Parsing Vulnerability, and more. The tool is designed to be used for testing and training purposes, allowing users to practice...

7.1AI score
Exploits0
Gitee
Gitee
added 2020/07/18 6:53 p.m.5 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not explicitly stated, but it appears to be a collection of various vulnerabilities, including but not limited to, SQL injection, cross-site scripting XSS, and server-side templa...

8AI score
Exploits0
OSV
OSV
added 2020/06/23 6:15 a.m.2 views

CVE-2019-20409

The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote code execution if they were able to exploit a server side template injection vulnerability...

9.8CVSS7.8AI score0.02482EPSS
Exploits0References1
Gitee
Gitee
added 2020/05/05 4:26 p.m.3 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability is a Flask SSTI Server-Side Template Injection vulnerability. The target product/service is Flask, a Python web framework. The probable entry point is the flask/ssti directory, where the...

8.3AI score
Exploits0
PyPA
PyPA
added 2019/04/22 4:29 p.m.7 views

PYSEC-2019-155

python-dbusmock before version 0.15.1 AddTemplate D-Bus method call or DBusTestCase.spawnservertemplate method could be tricked into executing malicious code if an attacker supplies a .pyc file...

9.3CVSS7.2AI score0.01815EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2019/04/22 4:29 p.m.2 views

DEBIAN-CVE-2015-1326

python-dbusmock before version 0.15.1 AddTemplate D-Bus method call or DBusTestCase.spawnservertemplate method could be tricked into executing malicious code if an attacker supplies a .pyc file...

8.8CVSS7.1AI score0.01815EPSS
Exploits0References1
Rows per page
Query Builder