RHCOS 4 : Red Hat build of MicroShift 4.14.0 (RHSA-2023:5008)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5008 advisory. - kube-apiserver: PrivEsc CVE-2023-1260 - kube-apiserver: Bypassing policies imposed by the ImagePolicyWebhook admission plugin...
CVE-2026-29107
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, it is possible to create PDF templates with tags. When a PDF is exported using such a template, the content (for example, ) is rendered server side, and thus a...
CVE-2026-30952
CVE-2026-30952 is associated with a path traversal vulnerability in liquidjs (see GHSA-WMFP-5Q7X-987X / OSV GHSA-WMFP-5Q7X-987X). The issue affects the template engine’s layout, render, and include tags, which can access arbitrary files via absolute paths when provided by a user-controlled templa...
EUVD-2026-5328
HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. Prior to versions 9.0.892 and 9.1.893-beta, if the template tag is allowed, its contents are not sanitized. The template tag is a special tag that does not usually render its...
HTMLSanitizer security vulnerability
HTMLSanitizer is open-source HTML formatting software by JuliaHub. Versions of HTMLSanitizer prior to 9.0.892 and 9.1.893-beta contained security vulnerabilities. These vulnerabilities stemmed from allowing template tags without sanitizing their content, which could lead to cross-site scripting...
CVE-2021-22540
Bad validation logic in Dart SDK versions prior to 2.12.3 allows an attacker to perform an XSS attack via DOM clobbering. The validation logic in dart:html for creating DOM nodes from text did not sanitize properly when it came across template tags...
EUVD-2021-9681
Malicious code in bioql PyPI...
SUSE CVE-2018-17143
The html package aka x/net/html through 2018-09-17 in Go mishandles , leading to a "panic: runtime error" in inBodyIM in parse.go during an html.Parse call...
SUSE CVE-2018-17848
The html package aka x/net/html through 2018-09-25 in Go mishandles , leading to a "panic: runtime error" index out of range in insertionModeStack.pop in node.go, called from inHeadIM, during an html.Parse call...
SUSE CVE-2019-13458
An issue was discovered in Open Ticket Request System OTRS 7.0.x through 7.0.8, and Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19. An attacker who is logged into OTRS as an agent user with appropriate permissions can leverage OTRS notification tags in templates in order to...
USN-5269-1 python-django vulnerabilities
Keryn Knight discovered that Django incorrectly handled certain template tags. A remote attacker could possibly use this issue to perform a cross-site scripting attack. CVE-2022-22818 Alan Ryan discovered that Django incorrectly handled file uploads. A remote attacker could possibly use this issu...
Design/Logic Flaw
Bad validation logic in Dart SDK versions prior to 2.12.3 allows an attacker to perform an XSS attack via DOM clobbering. The validation logic in dart:html for creating DOM nodes from text did not sanitize properly when it came across template tags...
CVE-2021-22540 XSS in Dart SDK
Bad validation logic in Dart SDK versions prior to 2.12.3 allows an attacker to perform an XSS attack via DOM clobbering. The validation logic in dart:html for creating DOM nodes from text did not sanitize properly when it came across template tags...
DEBIAN-CVE-2019-13458
An issue was discovered in Open Ticket Request System OTRS 7.0.x through 7.0.8, and Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19. An attacker who is logged into OTRS as an agent user with appropriate permissions can leverage OTRS notification tags in templates in order to...
PT-2018-13880 · Go · Html Package
Name of the Vulnerable Software and Affected Versions: html package aka x/net/html versions prior to 2018-07-13 Description: The issue is related to the HTML parser mishandling "in frameset" insertion mode. This can lead to a panic when parsing malformed HTML that contains tags, potentially...
MGASA-2013-0283 Updated python-django package fixes security vulnerability
Rainer Koirikivi discovered a directory traversal vulnerability with 'ssi' template tags in python-django, a high-level Python web development framework. It was shown that the handling of the 'ALLOWED_INCLUDE_ROOTS' setting, used to represent allowed prefixes for the {% ssi %} template tag, is...
Updated python-django package fixes security vulnerability
Rainer Koirikivi discovered a directory traversal vulnerability with 'ssi' template tags in python-django, a high-level Python web development framework. It was shown that the handling of the 'ALLOWED_INCLUDE_ROOTS' setting, used to represent allowed prefixes for the {% ssi %} template tag, is...
Django "ssi" template tag directory traversal vulnerability (CVE-2013-4315)
BUGTRAQ ID: 62332 CVE(CAN) ID: CVE-2013-4315 Django is an open-source web application framework powered by the Python programming language. Django versions prior to 1.4.7 and 1.5.3 do not correctly validate the ALLOWED_INCLUDE_ROOTS setting in template/defaulttags.py when handling the "ssi" tag, which is used to read files; a remote attacker can exploit this vulnerability via directory traversal sequences to obtain sensitive information. Affected: Django 1.5.x, Django 1.4.x. Vendor patch: Django ------ The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's homepage:...
Debian DSA-2755-1 : python-django - directory traversal
Rainer Koirikivi discovered a directory traversal vulnerability with 'ssi' template tags in python-django, a high-level Python web development framework. It was shown that the handling of the 'ALLOWED_INCLUDE_ROOTS' setting, used to represent allowed prefixes for the {% ssi %} template tag, is...
DSA-2755-1 python-django - directory traversal
Bulletin has no description...