PT-2026-31664

Name of the Vulnerable Software and Affected Versions OpenCTI versions prior to 6.9.5 Description OpenCTI is a platform for managing cyber threat intelligence. Prior to version 6.9.5, the safeEjs.ts file does not properly sanitize EJS templates. Users with Manage customization capability can...

golang: html/template: improper handling of JavaScript whitespace

A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be...

golang: html/template: improper handling of JavaScript whitespace

A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be...

golang: html/template: improper handling of JavaScript whitespace

A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be...

golang: html/template: improper handling of JavaScript whitespace

A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be...

golang: html/template: improper handling of JavaScript whitespace

A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be...

golang: html/template: improper handling of JavaScript whitespace

A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be...

AZL-37517 CVE-2023-24540 affecting package golang for versions less than 1.21.6-1

Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution...

PT-2023-3321 · Alt Linux +9 · Alt Linux +9

Name of the Vulnerable Software and Affected Versions: No specific software name or affected versions are mentioned in the provided descriptions. Description: The issue is related to the handling of whitespace characters in JavaScript contexts. Not all valid JavaScript whitespace characters are...

Ubuntu: Security Advisory (USN-5348-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Privilege Escalation

cobbler is vulnerable to privilege escalation. The vulnerability exists due to the lack of template sanitization in the checkforinvalidimports function of templar.py, allowing Cheetah code to import Python modules without permission...

CVE-2021-45082

A flaw was found in cobbler. The vulnerability occurs due to incomplete template sanitization and leads to code injection. This flaw allows an attacker to interact and inject malicious codes and gain access to the system...

CVE-2020-7109

The Elementor Page Builder plugin before 2.8.4 for WordPress does not sanitize data during creation of a new template...

DEBIAN-CVE-2018-13982

SmartySecurity::isTrustedResourceDir in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files...

UBUNTU-CVE-2018-13982

SmartySecurity::isTrustedResourceDir in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files...