Lucene search

4 matches found

Snyk
added 2025/11/25 8:48 p.m. · 3 views

Cross-site Scripting (XSS)

Overview: contao/core-bundle is an Open Source PHP Content Management System for people who want a professional website that is easy to maintain. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via template output. An attacker can execute arbitrary scripts in the brows...

CVSS 4.8 · AI score 5.5 · EPSS 0.0002
Exploits: 0 · References: 2

NVD
added 2025/11/25 7:15 p.m. · 2 views

CVE-2025-65961

Contao is an Open Source CMS. From version 4.0.0 to before 4.13.57, before 5.3.42, and before 5.6.5, it is possible to inject code into the template output that will be executed in the browser in the front end and back end. This issue has been patched in versions 4.13.57, 5.3.42, and 5.6.5. A...

CVSS 4.8 · EPSS 0.0002
Exploits: 0 · References: 2

OSV
added 2025/01/13 7:36 p.m. · 2 views

CVE-2025-23026 HTML templates containing Javascript template strings are subject to XSS in jte

jte (Java Template Engine) is a secure and lightweight template engine for Java and Kotlin. In affected versions, jte HTML templates with script tags or script attributes that include a JavaScript template string (backticks) are subject to XSS. The javaScriptBlock and javaScriptAttribute methods in th...

CVSS 6.1 · AI score 6.8 · EPSS 0.00286
Exploits: 0 · References: 5

Positive Technologies
added 2024/04/28 12:0 a.m. · 3 views

PT-2024-4417 · Ejs +3

Name of the Vulnerable Software and Affected Versions: ejs versions prior to 3.1.10
Description: The issue is related to the lack of certain pollution protection in the ejs package, which can be exploited to execute arbitrary code by injecting specially crafted JavaScript code. This can be done b...

CVSS 10 · AI score 6.8 · EPSS 0.0154
Exploits: 1 · References: 22