2 matches found
GHSA-3V56-Q6R6-4GCW Insecure Inherited Permissions in neoan3-apps/template
Impact Versions prior 1.1.1 have allowed for passing in closures directly into the template engine. As a result values that are callable are executed by the template engine. The issue arises if a value has the same name as a method or function in scope and can therefore be executed either by...
DEBIAN-CVE-2011-0728
Cross-site scripting XSS vulnerability in templatefunctions.py in Loggerhead before 1.18.1 allows remote authenticated users to inject arbitrary web script or HTML via a filename, which is not properly handled in a revision view...