10 matches found
EUVD-2024-0250
Malicious code in bioql PyPI...
CVE-2024-22199
This package provides universal methods to use multiple template engines with the Fiber web framework using the Views interface. This vulnerability specifically impacts web applications that render user-supplied data through this template engine, potentially leading to the execution of malicious...
GHSA-VVHJ-V88F-5GXR ghtml Cross-Site Scripting (XSS) vulnerability
Summary It is possible to introduce user-controlled JavaScript code and trigger a Cross-Site Scripting (XSS) vulnerability in some cases. Actions Taken - Updated the documentation to clarify that while ghtml escapes characters with special meaning in HTML, it does not provide comprehensive protecti...
CVE-2024-22199
The CVE-2024-22199 entry concerns Cross-site Scripting (XSS) in the GoFiber Django template engine (github.com/gofiber/template/django/v3) used with Fiber. The root cause is improper handling of user-supplied data rendered through the Views interface, which enables XSS unless autoescaping is enforced. A patch has been...
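The two Fiber entries above turn on whether the engine autoescapes values it interpolates, and the ghtml advisory adds the caveat that HTML escaping alone is not comprehensive protection. The following is an added example, not code from Fiber, gofiber/template or ghtml: it uses only the Python standard library to show both points, a renderer whose `autoescape` flag reproduces the Fiber failure mode, and a link renderer that shows why a `javascript:` URL sails through `html.escape` and needs a separate scheme check. The function names, the `SAFE_URL_SCHEMES` allowlist and the `about:blank` replacement policy are assumptions made for the illustration.

```python
import html
from urllib.parse import urlsplit

# Schemes we are willing to emit in an href (hypothetical policy for this example).
# Anything else (javascript:, data:, vbscript:, ...) is replaced, because HTML
# escaping never touches a scheme name. "" means a relative URL.
SAFE_URL_SCHEMES = {"http", "https", "mailto", ""}


def render_greeting(name: str, autoescape: bool = True) -> str:
    """Render a greeting with a user-supplied name.

    autoescape=False reproduces the failure mode of the Fiber advisory: the value is
    interpolated verbatim, so markup inside `name` becomes part of the page.
    """
    value = html.escape(name, quote=True) if autoescape else name
    return f"<p>Hello {value}</p>"


def render_link(url: str, text: str) -> str:
    """Render an <a> tag for a user-supplied URL and label.

    Escaping the URL as HTML is necessary (it keeps the attribute quoted) but not
    sufficient: a `javascript:` URL contains no HTML metacharacters and survives
    html.escape untouched, so the scheme has to be checked on its own.
    urlsplit() lower-cases the scheme, which also covers "JaVaScRiPt:".
    """
    scheme = urlsplit(url.strip()).scheme.lower()
    if scheme not in SAFE_URL_SCHEMES:
        url = "about:blank"  # neutralise instead of reject; an assumption of this example
    return f'<a href="{html.escape(url, quote=True)}">{html.escape(text)}</a>'


if __name__ == "__main__":
    payload = "<script>alert(document.cookie)</script>"   # constructed sample input
    print(render_greeting(payload, autoescape=False))      # the script tag lands in the page
    print(render_greeting(payload))                        # &lt;script&gt;...
    print(render_link("javascript:alert(1)", "click"))     # href="about:blank"
    print(render_link("https://example.com/?q=<x>", "ok")) # escaped but kept
```

The lesson matches the advisories: escaping has to be on by default and applied at output, and it still only covers the HTML text and quoted-attribute contexts; URL, JavaScript and CSS contexts need their own validation.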
PYSEC-2023-37
Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions earlier than 1.5.7 are impacted by a remote code execution vulnerability. Nautobot did not properly sandbox Jinja2 template rendering. Nautobot 1.5.7 enables sandboxed environments for the...
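The Nautobot entry says the fix was to enable sandboxed Jinja2 rendering; what the sandbox buys is easier to see on a reduced model. The block below is an added example, not Nautobot's or Jinja2's code: `unsandboxed_eval` evaluates a template expression the naive way (builtins removed, which is commonly mistaken for a sandbox), and `sandboxed_eval` applies the rule Jinja2's `SandboxedEnvironment` uses, rejecting attributes and string subscripts whose name starts with an underscore. `SecurityError`, `ESCAPE_GADGET` and the function names are assumptions of the example; the gadget itself is the standard Python class-walk used in SSTI exploitation.

```python
import ast


class SecurityError(Exception):
    """Raised when a template expression touches something the sandbox forbids."""


# Classic Python/Jinja2 sandbox-escape gadget: walk from a string literal to `object`,
# then enumerate every loaded class (file objects, subprocess.Popen, ...).
ESCAPE_GADGET = "''.__class__.__mro__[1].__subclasses__()"


def unsandboxed_eval(expr: str):
    """Evaluate a template expression the naive way.

    Stripping builtins is not a sandbox: attribute access is still unrestricted, so the
    gadget above reaches object.__subclasses__() without ever naming a builtin.
    """
    return eval(expr, {"__builtins__": {}}, {})


def sandboxed_eval(expr: str):
    """Evaluate an expression after rejecting private/dunder attribute access.

    Mirrors the rule Jinja2's SandboxedEnvironment applies (attribute names starting
    with an underscore are unsafe). Jinja2 also routes obj['key'] through the same
    check, so string subscripts are screened here too. Reduced illustration only.
    """
    tree = ast.parse(expr, mode="eval")
    for node in ast.walk(tree):
        if isinstance(node, ast.Attribute) and node.attr.startswith("_"):
            raise SecurityError(f"access to attribute {node.attr!r} is not allowed")
        if (isinstance(node, ast.Subscript)
                and isinstance(node.slice, ast.Constant)
                and isinstance(node.slice.value, str)
                and node.slice.value.startswith("_")):
            raise SecurityError(f"access to item {node.slice.value!r} is not allowed")
    return eval(compile(tree, "<template>", "eval"), {"__builtins__": {}}, {})


def gadget_blocked(evaluator) -> bool:
    """True if `evaluator` refuses the escape gadget, False if it returns a class list."""
    try:
        classes = evaluator(ESCAPE_GADGET)
    except SecurityError:
        return True
    return not (isinstance(classes, list) and classes)


if __name__ == "__main__":
    print(unsandboxed_eval("''.__class__.__mro__[1]"))   # <class 'object'>
    print(gadget_blocked(unsandboxed_eval))             # False: RCE primitives reachable
    print(gadget_blocked(sandboxed_eval))               # True
    print(sandboxed_eval("'abc'.upper()"))              # ordinary template work still fine
```

The attribute check is necessary but not the whole of a real sandbox: Jinja2 additionally refuses unsafe callables and mutating methods, and none of this helps if the application hands the template a context object that already wraps dangerous functionality.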
SSTImap - Automatic SSTI Detection Tool With Interactive Interface
SSTImap is penetration testing software that checks websites for Code Injection and Server-Side Template Injection (SSTI) vulnerabilities and exploits them, giving access to the underlying operating system. It was developed as an interactive penetration testing tool for SSTI detection...
Server side template injection — SSTI vulnerability ⚠️
Server side template injection — SSTI vulnerability ⚠️ Introduction Hardly any kind of software has escaped security vulnerabilities, and server-side templates, used to generate HTML on the server, are no exception. The attack targeting the...
tplmap
Tplmap is an offensive Python tool for web application penetration testing that assists in the exploitation of Code Injection and Server-Side Template Injection (SSTI) vulnerabilities. The tool uses a number of sandbox escape techniques to gain access to the underlying...
Automatic Server Side Template Injection Exploitation: Tplmap
Automatic Server Side Template Injection Exploitation Tplmap, short for Template Mapper, is a tool that automates the process of detecting and exploiting Server-Side Template Injection (SSTI) vulnerabilities. It assists SSTI exploitation to compromise the application and achieve remote command...
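The SSTImap and Tplmap entries above all describe the same first step: detect whether input reaches a template engine and fingerprint which one. The detection core of that technique, as an added example (it is not Tplmap's or SSTImap's code), is to send small arithmetic probes and check whether the response contains the evaluated result rather than the echoed payload. The probe table uses the well-known `{{7*'7'}}` trick that separates Jinja2 (string repetition, `7777777`) from Twig (numeric coercion, `49`); the probe labels, `detect_ssti`, and the two constructed targets `vulnerable_render` (user input spliced into the template source) and `safe_render` (user input passed as a context value) are assumptions of this example and stand in for an HTTP request against a real site.

```python
import html
import re

# Engine-fingerprinting probes in the style of Tplmap/SSTImap. Each tuple is
# (label, payload, output expected if the payload was evaluated). The same
# {{7*'7'}} payload distinguishes Jinja2 (-> 7777777) from Twig (-> 49).
PROBES = [
    ("jinja2",      "{{7*'7'}}",      "7777777"),
    ("twig",        "{{7*'7'}}",      "49"),
    ("dollar-expr", "${1337*73}",     "97601"),   # ${...} engines such as Mako
    ("erb-style",   "<%= 1337*73 %>", "97601"),   # ERB / EJS style tags
]


def detect_ssti(render, baseline_input: str = "ssti-baseline") -> list[str]:
    """Return the labels of every probe whose expression `render` evaluated.

    `render` is any callable mapping a user-controlled string to the page text; against
    a live target it would wrap an HTTP request. A probe counts only if the expected
    value appears, the raw payload does not (so it was not merely echoed), and the
    value was not already present in a baseline response (guards against coincidence).
    """
    baseline = render(baseline_input)
    hits = []
    for label, payload, expected in PROBES:
        out = render(payload)
        if expected in out and payload not in out and expected not in baseline:
            hits.append(label)
    return hits


# --- constructed targets (not any real project's code) ---------------------------

def vulnerable_render(user_input: str) -> str:
    """Deliberately vulnerable: user input is spliced into the template SOURCE and every
    {{ ... }} expression is then evaluated, like an unsandboxed Jinja2 environment."""
    template = "<p>Hello " + user_input + "</p>"
    return re.sub(r"\{\{(.*?)\}\}",
                  lambda m: str(eval(m.group(1), {"__builtins__": {}}, {})),
                  template)


def safe_render(user_input: str) -> str:
    """Fixed pattern: the template source is constant; user input only arrives as a
    context value and is HTML-escaped on output, so it can never become template syntax."""
    template = "<p>Hello {{ name }}</p>"
    context = {"name": user_input}
    return re.sub(r"\{\{\s*(\w+)\s*\}\}",
                  lambda m: html.escape(str(context.get(m.group(1), "")), quote=True),
                  template)


if __name__ == "__main__":
    print(detect_ssti(vulnerable_render))   # ['jinja2']
    print(detect_ssti(safe_render))         # []
```

Against a real target, `render` would be a function that places the payload in the suspect parameter and returns the response body; the tools listed above automate exactly that loop over many more engines and then move on to the engine-specific sandbox escapes.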