7 matches found
Cross-site Scripting (XSS)
DOMPurify is vulnerable to cross-site scripting (XSS). The vulnerability is due to SAFE_FOR_TEMPLATES not stripping ... expressions in RETURN_DOM or RETURN_DOM_FRAGMENT modes, which allows an attacker to exploit template-evaluating frameworks like Vue 2 to execute malicious scripts...
EUVD-2022-34365
Malicious code in bioql PyPI...
CVE-2019-7903
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to email templates can execute arbitrary code by previewing a malicious template...
CVE-2025-3214 JFinal CMS readTemplate engine.getTemplate path traversal
A vulnerability has been found in JFinal CMS up to 5.2.4 and classified as problematic. Affected by this vulnerability is the function engine.getTemplate of the file /readTemplate. The manipulation of the argument template leads to path traversal. The attack can be launched remotely. The exploit...
PT-2022-10089 · Unknown · October CMS
Name of the Vulnerable Software and Affected Versions: October CMS versions prior to 1.0.473 and 1.1.6 Description: The issue allows an attacker with "create, modify and delete website pages" privileges in the backend to execute PHP code by running specially crafted Twig code in the template...
UBUNTU-CVE-2014-8350
Smarty before 3.1.21 allows remote attackers to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by "literal" in a template...
MKPortal 1.2.1 /modules/blog/index.php Home Template Textarea SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/33300/info MKPortal is prone to multiple security vulnerabilities, including SQL-injection, HTML-injection, cross-site scripting, arbitrary-file-upload, and insecure-temporary-file-creation vulnerabilities. Attackers can...