83 matches found
Embedthis Software GoAhead 资源管理错误漏洞
Embedthis Software GoAhead is an open source, small embedded web server from Embedthis Software, USA. A resource management error vulnerability exists in Embedthis Software GoAhead versions 6.0.0 and earlier, which stems from failing to clear JST values when they are freed during the parsing of J...
golang: html/template: improper handling of HTML-like comments within script contexts
A flaw was found in Golang. The html/template package did not properly handle HMTL-like "" comment tokens, nor hashbang "!" comment tokens, in contexts. This issue may cause the template parser to improperly interpret the contents of contexts, causing actions to be improperly escaped...
golang: html/template: improper handling of HTML-like comments within script contexts
A flaw was found in Golang. The html/template package did not properly handle HMTL-like "" comment tokens, nor hashbang "!" comment tokens, in contexts. This issue may cause the template parser to improperly interpret the contents of contexts, causing actions to be improperly escaped...
golang: html/template: improper handling of HTML-like comments within script contexts
A flaw was found in Golang. The html/template package did not properly handle HMTL-like "" comment tokens, nor hashbang "!" comment tokens, in contexts. This issue may cause the template parser to improperly interpret the contents of contexts, causing actions to be improperly escaped...
golang: html/template: improper handling of HTML-like comments within script contexts
A flaw was found in Golang. The html/template package did not properly handle HMTL-like "" comment tokens, nor hashbang "!" comment tokens, in contexts. This issue may cause the template parser to improperly interpret the contents of contexts, causing actions to be improperly escaped...
golang: html/template: improper handling of special tags within script contexts
A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of " contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped...
golang: html/template: improper handling of HTML-like comments within script contexts
A flaw was found in Golang. The html/template package did not properly handle HMTL-like "" comment tokens, nor hashbang "!" comment tokens, in contexts. This issue may cause the template parser to improperly interpret the contents of contexts, causing actions to be improperly escaped...
golang: html/template: improper handling of HTML-like comments within script contexts
A flaw was found in Golang. The html/template package did not properly handle HMTL-like "" comment tokens, nor hashbang "!" comment tokens, in contexts. This issue may cause the template parser to improperly interpret the contents of contexts, causing actions to be improperly escaped...
DEBIAN-CVE-2023-39318
The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "!" comment tokens, in contexts. This may cause the template parser to improperly interpret the contents of contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS atta...
UBUNTU-CVE-2023-39318
The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "!" comment tokens, in contexts. This may cause the template parser to improperly interpret the contents of contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS atta...
PT-2023-9457 · Unknown +10 · Html/Template +10
Name of the Vulnerable Software and Affected Versions: html/template package affected versions not specified Description: The issue is related to the html/template package not applying proper rules for handling occurrences of " contexts. This may cause the template parser to improperly consider...
AZL-78990 CVE-2023-24538 affecting package golang 1.25.7-1
Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...
UBUNTU-CVE-2019-20922
Handlebars before 4.4.5 allows Regular Expression Denial of Service ReDoS because of eager matching. The parser may be forced into an endless loop while processing crafted templates. This may allow attackers to exhaust system resources...
CentOS Web Panel Code Execution Vulnerability (CNVD-2020-43144)
CentOS Web Panel CWP is a free web hosting control panel that makes it easy to manage multiple servers Dedicated and VPS without having to access the servers via SSH. A code execution vulnerability in CentOS Web Panel version cwp-e17.0.9.8.923, which stems from the ajaxphppecl.php file not proper...
Mozilla: Incorrect parsing of template tag could result in JavaScript injection
If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. A site that relied on the browser behaving correctly could suffer a cross-site scripting vulnerability as a result. In general, this flaw cannot be...
zzzphpV1. 6. 1 Remote Code Execution Vulnerability simple analysis-vulnerability warning-the black bar safety net
0x1 Foreword The Prophet chanced to see an article zzzphp V1. 6. 1 Remote Code Execution Vulnerability Analysis,on the stencil getshell actually very common,this vulnerability analysis of the fun is tracking malicious code with the full process,it is a pity the Prophet on the author May in this...
zzzcms zzzphp dynamic code execution vulnerability
zzzcms zzzphp is a content management system CMS. A security vulnerability exists in version V1.6.1 of zzzcms zzzphp, which stems from a lax filtering of search template parsing on the search page. An attacker can exploit this vulnerability to execute PHP code...
DEDECMS member center code submit defects can getshell
Preface : dedecms this year to update a lot of patches,the present article selected 20170315 patch for learning and research. Body: From the official website to download DEDECMS 20170315 patch using DIFF comparison tools for comparison: See the Red part, the servermsg1 variables appearing in dede...
DEDECMS website management system template execution vulnerability-vulnerability warning-the black bar safety net
DEDECMS website management system template execution vulnerability One not careful, your server will be hacked, such as database password is too simple, the server password is too simple, or CMS system vulnerabilities. The following is a DEDE of the template execution vulnerability. Vulnerability...
VELOCITY local code execution vulnerability-vulnerability warning-the black bar safety net
by emptiness prodigal heart velocity is a J2EE MVC architecture the most commonly used presentation layer template file, due to the excellent performance, very much of the J2EE Application, use this template. Usually when in use, and other framework-binding, the most common framework is struts2,...