45 matches found
CVE-2023-45303
ThingsBoard before 3.5 allows Server-Side Template Injection if users are allowed to modify an email template, because Apache FreeMarker supports freemarker.template.utility.Execute for content sent to the /api/admin/settings endpoint...
VulnCheck KEV: CVE-2022-4708
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wprsavetemplateconditions' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to modify the...
jpress command injection vulnerability
Jpress is a set of blogging platform developed by the Jpress team using the Java language. jpress has a security vulnerability that can be exploited by attackers to inject some malicious code through functional modifications to the template...
CVE-2021-45806
jpress v4.2.0 admin panel provides a function through which attackers can modify the template and inject some malicious code...
CVE-2021-45806
jpress v4.2.0 admin panel provides a function through which attackers can modify the template and inject some malicious code...
Code injection
jpress v4.2.0 admin panel provides a function through which attackers can modify the template and inject some malicious code...
CVE-2021-45806
jpress v4.2.0 admin panel provides a function through which attackers can modify the template and inject some malicious code...
CVE-2021-45806
CVE-2021-45806 affects jpress v4.2.0: the admin panel exposes a function that allows attackers to modify templates and inject malicious code. The reported impact is malicious code injection via template modification, but the provided documents do not specify the exact root cause, vulnerable compo...
velocity: arbitrary code execution when attacker is able to modify templates
A flaw was found in velocity. An attacker, able to modify Velocity templates, may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. The highest threat from this vulnerability is to data confidentiality and integrity...
CVE-2021-41120
sylius/paypal-plugin is a paypal plugin for the Sylius development platform. In affected versions the URL to the payment page done after checkout was created with autoincremented payment id /pay-with-paypal/id and therefore it was easy to predict. The problem is that the Credit card form has...
velocity: arbitrary code execution when attacker is able to modify templates
A flaw was found in velocity. An attacker, able to modify Velocity templates, may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. The highest threat from this vulnerability is to data confidentiality and integrity...
velocity: arbitrary code execution when attacker is able to modify templates
A flaw was found in velocity. An attacker, able to modify Velocity templates, may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. The highest threat from this vulnerability is to data confidentiality and integrity...
velocity: arbitrary code execution when attacker is able to modify templates
A flaw was found in velocity. An attacker, able to modify Velocity templates, may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. The highest threat from this vulnerability is to data confidentiality and integrity...
velocity: arbitrary code execution when attacker is able to modify templates
A flaw was found in velocity. An attacker, able to modify Velocity templates, may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. The highest threat from this vulnerability is to data confidentiality and integrity...
velocity: arbitrary code execution when attacker is able to modify templates
A flaw was found in velocity. An attacker, able to modify Velocity templates, may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. The highest threat from this vulnerability is to data confidentiality and integrity...
velocity: arbitrary code execution when attacker is able to modify templates
A flaw was found in velocity. An attacker, able to modify Velocity templates, may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. The highest threat from this vulnerability is to data confidentiality and integrity...
velocity: arbitrary code execution when attacker is able to modify templates
A flaw was found in velocity. An attacker, able to modify Velocity templates, may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. The highest threat from this vulnerability is to data confidentiality and integrity...
OESA-2021-1157 velocity security update
Velocity is a Java-based template engine. It permits anyone to use the simple yet powerful template language to reference objects defined in Java code. Security Fixes: An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the...
Mono MonoX CMS Code Execution Vulnerability
MonoX CMS is an ASP.NET-based content management system CMS and social networking platform from Mono Croatia. A security vulnerability exists in Mono MonoX CMS 5.1.40.5152 and earlier versions. The vulnerability can be exploited by an attacker to execute arbitrary code by modifying an ASPX templa...
CVE-2020-12470
MonoX through 5.1.40.5152 allows administrators to execute arbitrary code by modifying an ASPX template...