CVE-2021-21408
Smarty (PHP template engine) is affected by CVE-2021-21408. The vulnerability allows template authors to run restricted static PHP methods due to a flaw present in versions before 3.1.43 and 4.0.3. The issue arises from how templates can invoke static methods, enabling potential code execution. R...
PT-2022-9201 · Smarty +2
Name of the Vulnerable Software and Affected Versions: Smarty versions prior to 3.1.43; Smarty versions prior to 4.0.3. Description: Smarty is a template engine for PHP that facilitates the separation of presentation from application logic. Template authors could run restricted static php methods...
Smarty Input Validation Error Vulnerability
Smarty is a template engine for PHP that facilitates the separation of presentation HTML/CSS from application logic. A security vulnerability exists in Smarty that stems from...
CVE-2021-29454 Sandbox Escape by math function in Smarty
Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to the...
CVE-2021-21408
Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static php methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a patch...
CVE-2021-29454
Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to the...
Latte Cross-Site Scripting Vulnerability
Latte is a template engine for PHP from the Nette Foundation. Latte version 2.8.0 contains a cross-site scripting vulnerability that stems from a lack of validation and filtering of user-supplied data and output. An attacker could exploit this vulnerability to execute JavaScript code on the client...
CVE-2022-21648
Latte is an open source template engine for PHP. Versions since 2.8.0 Latte has included a template sandbox and in affected versions it has been found that a sandbox escape exists allowing for injection into web pages generated from Latte. This may lead to XSS attacks. The issue is fixed in the...
UBUNTU-CVE-2022-21648
Latte is an open source template engine for PHP. Versions since 2.8.0 Latte has included a template sandbox and in affected versions it has been found that a sandbox escape exists allowing for injection into web pages generated from Latte. This may lead to XSS attacks. The issue is fixed in the...
CVE-2022-21648
Latte (PHP template engine) versions since 2.8.0 expose a sandbox escape in the built-in template sandbox, allowing injection into HTML pages generated from Latte and potentially enabling XSS. The issue is confirmed by multiple sources and is fixed in versions 2.8.8, 2.9.6, and 2.10.8. If upgradin...
Latte Security Vulnerability
Latte is a template engine for PHP from the Nette Foundation. A security vulnerability exists in Latte versions prior to 2.10.6; it stems from methods in the software that bypass allowFunctions, which affects the security of the application. When a template is set to allow or...
Laravel Framework Cross-Site Scripting Vulnerability
Laravel Framework is a PHP-based web application development framework by Taylor Otwell, an individual developer. Laravel Framework has a cross-site scripting vulnerability that attackers can exploit to perform XSS attacks through the Blade template engine...
Laravel Framework Encryption Problem Vulnerability
Laravel Framework is a PHP-based web application development framework by Taylor Otwell, an individual developer. Laravel Framework has a cross-site scripting vulnerability that attackers can exploit to perform XSS attacks through the Blade template engine...
Java Server Side Template Injection
A remote attacker can inject malicious commands into a template engine. Successful exploitation could result in the execution of arbitrary code in the affected web server...
Access Control Bypass
Overview: latte/latte is an intuitive and fast template engine for those who want the most secure PHP sites. It introduces context-sensitive escaping. Affected versions of this package are vulnerable to Access Control Bypass. There is a way to bypass allowFunctions that will affect the security of th...
Insecure Inherited Permissions in neoan3-apps/template
Impact: Versions prior to 1.1.1 allowed closures to be passed directly into the template engine. As a result, values that are callable are executed by the template engine. The issue arises if a value has the same name as a method or function in scope and can therefore be executed either by...
GHSA-3V56-Q6R6-4GCW Insecure Inherited Permissions in neoan3-apps/template
Impact: Versions prior to 1.1.1 allowed closures to be passed directly into the template engine. As a result, values that are callable are executed by the template engine. The issue arises if a value has the same name as a method or function in scope and can therefore be executed either by...
RLSA-2021:4161 Moderate: python-jinja2 security update
The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django-inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Security Fixes: python-jinja2: ReDoS vulnerability due to the sub-pattern (CVE-2020-28493). For...
Moderate: python-jinja2 security update
The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django-inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Security Fixes: python-jinja2: ReDoS vulnerability due to the sub-pattern (CVE-2020-28493). For...