Lucene search

790 matches found

CVE
added 2022/01/10 12:00 a.m. · 135 views

CVE-2021-21408

Smarty (PHP template engine) is affected by CVE-2021-21408. The vulnerability allows template authors to run restricted static PHP methods due to a flaw present in versions before 3.1.43 and 4.0.3. The issue arises from how templates can invoke static methods, enabling potential code execution. R...

CVSS 8.8 · AI score 8.6 · EPSS 0.0222
Exploits 0 · References 9 · Affected software 1
Positive Technologies
added 2022/01/10 12:00 a.m. · 6 views

PT-2022-9201 · Smarty +2

Name of the vulnerable software and affected versions: Smarty versions prior to 3.1.43; Smarty versions prior to 4.0.3. Description: Smarty is a template engine for PHP that facilitates the separation of presentation from application logic. Template authors could run restricted static PHP methods...

CVSS 9.8 · AI score 6.8 · EPSS 0.82316
Exploits 5 · References 67
CNNVD
added 2022/01/10 12:00 a.m. · 7 views

Smarty input validation error vulnerability

Smarty is a template engine for PHP that facilitates the separation of presentation HTML/CSS from application logic. A security vulnerability exists in Smarty that stems from...

CVSS 8.8 · AI score 6.5 · EPSS 0.0222
Exploits 0 · References 15
Vulnrichment
added 2022/01/10 12:00 a.m. · 7 views

CVE-2021-29454 Sandbox escape by math function in Smarty

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user-provided data to the...

CVSS 8.1 · AI score 7.5 · EPSS 0.01927
Exploits 0 · References 11
Debian CVE
added 2022/01/10 12:00 a.m. · 36 views

CVE-2021-21408

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static PHP methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a patch...

CVSS 8.8 · AI score 6.1 · EPSS 0.0222
Exploits 0
Debian CVE
added 2022/01/10 12:00 a.m. · 36 views

CVE-2021-29454

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user-provided data to the...

CVSS 8.8 · AI score 6.4 · EPSS 0.01927
Exploits 0
CNVD
added 2022/01/06 12:00 a.m. · 12 views

Latte cross-site scripting vulnerability

Latte is a template engine for PHP from the Nette Foundation. Latte version 2.8.0 contains a cross-site scripting vulnerability that stems from a lack of validation and filtering of user-supplied data and output. An attacker could exploit this vulnerability to execute JavaScript code on the client...

CVSS 8.2 · AI score 3.2 · EPSS 0.00817
Exploits 0 · References 1
NVD
added 2022/01/04 8:15 p.m. · 19 views

CVE-2022-21648

Latte is an open source template engine for PHP. Since version 2.8.0 Latte has included a template sandbox, and in affected versions a sandbox escape has been found that allows injection into web pages generated from Latte. This may lead to XSS attacks. The issue is fixed in the...

CVSS 8.2 · EPSS 0.00817
Exploits 0 · References 2
UbuntuCve
added 2022/01/04 8:15 p.m. · 19 views

CVE-2022-21648

Latte is an open source template engine for PHP. Since version 2.8.0 Latte has included a template sandbox, and in affected versions a sandbox escape has been found that allows injection into web pages generated from Latte. This may lead to XSS attacks. The issue is fixed in the...

CVSS 8.2 · AI score 6.7 · EPSS 0.00817
Exploits 0 · References 3
OSV
added 2022/01/04 8:15 p.m. · 1 view

UBUNTU-CVE-2022-21648

Latte is an open source template engine for PHP. Since version 2.8.0 Latte has included a template sandbox, and in affected versions a sandbox escape has been found that allows injection into web pages generated from Latte. This may lead to XSS attacks. The issue is fixed in the...

CVSS 8.2 · AI score 6.7 · EPSS 0.00817
Exploits 0 · References 4
CVE
added 2022/01/04 8:10 p.m. · 71 views

CVE-2022-21648

Latte (PHP template engine) versions since 2.8.0 expose a sandbox escape in the built-in template sandbox, allowing injection into HTML pages generated from Latte and potentially enabling XSS. The issue is confirmed by multiple sources and is fixed in versions 2.8.8, 2.9.6 and 2.10.8. If upgradin...

CVSS 8.2 · AI score 6.4 · EPSS 0.00817
Exploits 0 · References 2 · Affected software 1
CNNVD
added 2021/12/17 12:00 a.m. · 2 views

Latte security vulnerability

Latte is a template engine for PHP from the Nette Foundation. A security vulnerability exists in Latte versions prior to 2.10.6, which stems from the existence of methods to bypass allowFunctions in the software, which affects the security of the application. When a template is set to allow or...

CVSS 9.8 · AI score 8.2 · EPSS 0.01576
Exploits 1 · References 4
CNVD
added 2021/12/09 12:00 a.m. · 20 views

Laravel Framework cross-site scripting vulnerability

Laravel Framework is a PHP-based web application development framework by Taylor Otwell, an individual developer. Laravel Framework has a cross-site scripting vulnerability that can be exploited by attackers to perform XSS attacks through the Blade template engine...

CVSS 6.1 · AI score 2.3 · EPSS 0.00799
Exploits 1 · References 1
CNNVD
added 2021/12/08 12:00 a.m. · 4 views

Laravel Framework encryption issue vulnerability

Laravel Framework is a PHP-based web application development framework by Taylor Otwell, an individual developer. Laravel Framework has a cross-site scripting vulnerability that can be exploited by attackers to perform XSS attacks through the Blade template engine...

CVSS 6.1 · AI score 5.2 · EPSS 0.00799
Exploits 1 · References 10
Check Point Advisories
added 2021/12/05 12:00 a.m. · 1 view

Java Server Side Template Injection

A remote attacker can inject malicious commands into a template engine. Successful exploitation could result in the execution of arbitrary code on the affected web server...

AI score 4.7
Exploits 0
Snyk
added 2021/11/26 3:02 p.m. · 4 views

Access Control Bypass

Overview: latte/latte is an intuitive and fast template engine for those who want the most secure PHP sites. It introduces context-sensitive escaping. Affected versions of this package are vulnerable to Access Control Bypass: there is a way to bypass allowFunctions that will affect the security of th...

CVSS 9.8 · AI score 7 · EPSS 0.01576
Exploits 1 · References 2
Github Security Blog
added 2021/11/10 4:41 p.m. · 36 views

Insecure Inherited Permissions in neoan3-apps/template

Impact: versions prior to 1.1.1 allowed passing closures directly into the template engine. As a result, values that are callable are executed by the template engine. The issue arises if a value has the same name as a method or function in scope and can therefore be executed either by...

CVSS 9.8 · AI score 1.2 · EPSS 0.01532
Exploits 0 · References 5 · Affected software 1
OSV
added 2021/11/10 4:41 p.m. · 11 views

GHSA-3V56-Q6R6-4GCW Insecure Inherited Permissions in neoan3-apps/template

Impact: versions prior to 1.1.1 allowed passing closures directly into the template engine. As a result, values that are callable are executed by the template engine. The issue arises if a value has the same name as a method or function in scope and can therefore be executed either by...

CVSS 7.5 · AI score 9.4 · EPSS 0.01532
Exploits 0 · References 5
OSV
added 2021/11/09 8:26 a.m. · 20 views

RLSA-2021:4161 Moderate: python-jinja2 security update

The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django-inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Security fixes: python-jinja2: ReDoS vulnerability due to the sub-pattern CVE-2020-28493 For...

CVSS 7.5 · AI score 5.9 · EPSS 0.03546
Exploits 1 · References 2
AlmaLinux
added 2021/11/09 8:26 a.m. · 55 views

Moderate: python-jinja2 security update

The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django-inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Security fixes: python-jinja2: ReDoS vulnerability due to the sub-pattern CVE-2020-28493 For...

CVSS 5.3 · AI score 6 · EPSS 0.03546
Exploits 1 · References 2
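The two python-jinja2 entries above mention Jinja2's optional sandboxed environment, and most of the other entries on this page (Smarty, Latte) are escapes from exactly that kind of template sandbox. The Python example below is added here; it is not code from Jinja2, from any vendor, or from any advisory listed on this page. It renders the same attacker-controlled template strings once in a plain jinja2.Environment and once in jinja2.sandbox.SandboxedEnvironment, so a practitioner can see what the sandbox actually refuses. The template strings and the context dictionary are constructed for the demonstration; the `.__class__.__mro__` walk is the generic attribute-traversal pattern behind server-side template injection in Python engines, not a payload for any CVE on this page. It assumes Jinja2 3.x is installed.

```python
"""Plain vs sandboxed Jinja2 rendering of an untrusted template string.

Added example; not code from Jinja2 or from any advisory on this page.
Assumes Jinja2 3.x is installed (pip install jinja2).
"""
from jinja2 import Environment
from jinja2.exceptions import SecurityError
from jinja2.sandbox import SandboxedEnvironment

# Constructed inputs for the demonstration.
# A benign template that a tenant or template author might legitimately supply.
BENIGN_TEMPLATE = "Hello {{ user.name }}, you have {{ count }} new messages."

# Generic SSTI attribute walk: from any value to its class, then up the MRO
# to `object`. This is the usual first step toward `__subclasses__()` and
# from there to arbitrary Python.
PROBE_TEMPLATE = "{{ x.__class__.__mro__ }}"

# The same walk one step further, calling through to __subclasses__().
ESCAPE_TEMPLATE = "{{ x.__class__.__mro__[1].__subclasses__() }}"

CONTEXT = {"user": {"name": "alice"}, "count": 3, "x": 1}


def render_plain(source: str, context: dict) -> str:
    """Render an untrusted template with a plain Environment (no sandbox).

    Autoescaping only neutralises HTML in the output; it does nothing to
    stop the template itself from reaching Python internals.
    """
    env = Environment(autoescape=True)
    return env.from_string(source).render(**context)


def render_sandboxed(source: str, context: dict) -> str:
    """Render the same template under SandboxedEnvironment.

    Attribute access goes through SandboxedEnvironment.getattr, which
    refuses names starting with an underscore and internal attributes. A
    refused lookup becomes an Undefined whose further use (attribute, item
    or call) raises SecurityError, so the walk stops at `__class__`.
    """
    env = SandboxedEnvironment(autoescape=True)
    return env.from_string(source).render(**context)


def sandbox_blocks(source: str, context: dict) -> bool:
    """True if the sandbox refuses this template with SecurityError."""
    try:
        render_sandboxed(source, context)
    except SecurityError:
        return True
    return False


def classify(source: str, context: dict) -> dict:
    """Summarise what each environment does with one template string."""
    plain = render_plain(source, context)
    return {
        "plain_output": plain,
        # The plain environment reaches the `object` class in the MRO.
        "plain_reaches_object": "object" in plain,
        "sandbox_blocks": sandbox_blocks(source, context),
    }


if __name__ == "__main__":
    samples = (
        ("benign", BENIGN_TEMPLATE),
        ("probe", PROBE_TEMPLATE),
        ("escape", ESCAPE_TEMPLATE),
    )
    for name, src in samples:
        result = classify(src, CONTEXT)
        print(
            f"{name:7} sandbox_blocks={result['sandbox_blocks']!s:5} "
            f"plain={result['plain_output'][:60]!r}"
        )
```

The benign template renders identically in both environments, which is the point of a sandbox: it is meant to be transparent to legitimate template authors while refusing the dunder walk. The Latte and Smarty entries on this page are a reminder that a sandbox is one layer, not a substitute for keeping the engine at a fixed version; when the sandbox itself is bypassed, the only remaining control is whether untrusted parties can author templates at all.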