7 matches found
HtmlSanitizer has a bypass via template tag
Impact If the template tag is allowed, its contents are not sanitized. The template tag is a special tag that does not usually render its contents, unless the shadowrootmode attribute is set to open or closed. The lack of sanitization of the template tag brings up two bypasses: 1. it is still...
EUVD-2022-2720
Malicious code in bioql PyPI...
Winter Security Vulnerability
Winter is a free and open source content management system based on the Laravel PHP framework by Winter Open Source. A security vulnerability exists in Winter versions prior to 1.2.7, 1.1.11, and 1.0.476, which stems from a user being able to bypass the sandboxing restriction of Twig files by...
PT-2024-31614
Name of the Vulnerable Software and Affected Versions: Twig versions prior to 1.44.8; Twig versions prior to 2.16.1; Twig versions prior to 3.14.0. Description: Under some circumstances, the sandbox security checks are not run, which allows user-contributed templates to bypass the sandbox...
SeaCMS Security Vulnerability
SeaCMS is a free, open source web content management system written in PHP by SeaCMS, Inc. The system is primarily designed to manage video-on-demand resources. A security vulnerability exists in SeaCMS version 12.9, which stems from the fact that although admintemplate.php imposes certain...
CVE-2022-36093 XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard
XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform. By passing a template of the distribution wizard to the xpart template, user accounts can be created even when user registration is disabled. This also circumvents any email verification. Before versions 14.2...
CVE-2019-9829
Maccms 10 allows remote attackers to execute arbitrary PHP code by entering this code in a template/defaultpc/html/art Edit action. This occurs because template rendering uses an include operation on a cache file, which bypasses the prohibition of .php files as templates...