
22 matches found

OSV
added 3 days ago, 5 views

ROOT-APP-MAVEN-CVE-2020-13959 CVE-2020-13959 in io.root.org.apache.velocity:velocity-tools - Patched by Root

Root has patched CVE-2020-13959 in the io.root.org.apache.velocity:velocity-tools package for Root:Maven. Multiple fixed versions available...

CVSS 6.1 | AI score 6.6 | EPSS 0.03207
Exploits: 0
Tenable Nessus
added 2026/05/22 12:0 a.m., 2 views

Unity Linux 20.1070e Security Update: velocity-tools (UTSA-2026-016718)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016718 advisory. The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an X...

CVSS 6.1 | AI score 6.8 | EPSS 0.03207
Exploits: 0 | References: 4
OpenVAS
added 2023/08/11 12:0 a.m., 20 views

Ubuntu: Security Advisory (USN-6282-1)

The remote host is missing an update for the...

CVSS 6.1 | AI score 6.7 | EPSS 0.03207
Exploits: 0 | References: 2
OSV
added 2023/08/10 3:24 p.m., 1 views

USN-6282-1 velocity-tools vulnerability

Jackson Henry discovered that Velocity Tools incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code...

CVSS 6.1 | AI score 6.8 | EPSS 0.03207
Exploits: 0 | References: 2
Tenable Nessus
added 2023/08/10 12:0 a.m., 25 views

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS : Velocity Tools vulnerability (USN-6282-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6282-1 advisory. Jackson Henry discovered that Velocity Tools incorrectly handled certain inputs. If a user or an automated system were tricked into openin...

CVSS 6.1 | AI score 7.3 | EPSS 0.03207
Exploits: 0 | References: 2
OpenVAS
added 2021/03/18 12:0 a.m., 33 views

Debian: Security Advisory (DLA-2597-1)

The remote host is missing an update for the Debian...

CVSS 6.1 | AI score 6.3 | EPSS 0.03207
Exploits: 0 | References: 3
Debian
added 2021/03/17 4:30 p.m., 55 views

[SECURITY] [DLA 2597-1] velocity-tools security update

Debian LTS Advisory DLA-2597-1, https://www.debian.org/lts/security/, Chris Lamb, March 17, 2021, https://wiki.debian.org/LTS ...

CVSS 6.1 | AI score 6.2 | EPSS 0.03207
Exploits: 0
OSV
added 2021/03/17 12:0 a.m., 32 views

DLA-2597-1 velocity-tools - security update

Bulletin has no description...

CVSS 6.1 | AI score 6.3 | EPSS 0.03207
Exploits: 0
vulnersOsv
added 2021/03/12 8:24 p.m., 4 views

ai.databand.azkaban:azkaban-web-server (=3.18.0), at.ganzleicht.vaadin:vaadin-maven-plugin (>=9.1.1 <=9.1.3.2) +1360 more potentially affected by CVE-2020-13959 via org.apache.velocity:velocity-tools (>=1.3 <=2.0)

org.apache.velocity:velocity-tools MAVEN version =1.3, =9.1.1, =1.0.0, =1.0.0, =0.1, =2.1, =1.2.1, =1.0.0, =0.0.1, =0.0.1, =1.2.28, =1.0.0, =1.1.0 and more Source cves: CVE-2020-13959 Source advisory: OSV:GHSA-FH63-4R66-JC7V...

CVSS 6.1 | AI score 6.6 | EPSS 0.03207
Exploits: 0
Github Security Blog
added 2021/03/12 8:24 p.m., 68 views

Cross-site scripting (XSS) in Apache Velocity Tools

The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this payload being executed. XSS vulnerabilities allow attackers to...

CVSS 6.1 | AI score 1.7 | EPSS 0.03207
Exploits: 0 | References: 10 | Affected Software: 2
OSV
added 2021/03/12 8:24 p.m., 1 views

GHSA-FH63-4R66-JC7V Cross-site scripting (XSS) in Apache Velocity Tools

The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this payload being executed. XSS vulnerabilities allow attackers to...

CVSS 6.1 | AI score 6.9 | EPSS 0.03207
Exploits: 0 | References: 9
Veracode
added 2021/03/11 1:48 a.m., 34 views

Cross-site Scripting (XSS)

velocity-tools-view is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute malicious script in a user's browser because it does not escape a user-provided vm file, passed as part of the URL, which is displayed in the error page...

CVSS 6.1 | AI score 2.1 | EPSS 0.03207
Exploits: 0 | References: 13 | Affected Software: 1
RedhatCVE
added 2021/03/10 5:3 p.m., 46 views

CVE-2020-13959

The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this payload being executed. XSS vulnerabilities allow attackers to...

CVSS 6.5 | AI score 2 | EPSS 0.03207
Exploits: 0 | References: 3
OSV
added 2021/03/10 8:15 a.m., 6 views

CVE-2020-13959

The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this payload being executed. XSS vulnerabilities allow attackers to...

CVSS 6.1 | AI score 6.4
Exploits: 0 | References: 7
NVD
added 2021/03/10 8:15 a.m., 17 views

CVE-2020-13959

The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this payload being executed. XSS vulnerabilities allow attackers to...

CVSS 6.1 | EPSS 0.03207
Exploits: 0 | References: 7
Prion
added 2021/03/10 8:15 a.m., 18 views

Cross site scripting

The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this payload being executed. XSS vulnerabilities allow attackers to...

CVSS 4.3 | AI score 6.6 | EPSS 0.03207
Exploits: 0 | References: 7 | Affected Software: 2
UbuntuCve
added 2021/03/10 8:15 a.m., 26 views

CVE-2020-13959

The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this payload being executed. XSS vulnerabilities allow attackers to...

CVSS 6.1 | AI score 6.9 | EPSS 0.03207
Exploits: 0 | References: 8
OSV
added 2021/03/10 8:15 a.m., 1 views

UBUNTU-CVE-2020-13959

The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this payload being executed. XSS vulnerabilities allow attackers to...

CVSS 6.1 | AI score 6.9 | EPSS 0.03207
Exploits: 0 | References: 9
CVE
added 2021/03/10 8:0 a.m., 170 views

CVE-2020-13959

CVE-2020-13959 affects Apache Velocity Tools before 3.1. The vulnerability lies in the default VelocityView error page which reflects back the vm file entered in the URL, enabling an attacker to supply an XSS payload via the vm parameter. When a user clicks a crafted URL, the payload can execute ...

CVSS 6.1 | AI score 6.7 | EPSS 0.03207
Exploits: 0 | References: 7 | Affected Software: 1
Debian CVE
added 2021/03/10 8:0 a.m., 35 views

CVE-2020-13959

The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this payload being executed. XSS vulnerabilities allow attackers to...

CVSS 6.1 | AI score 6.5 | EPSS 0.03207
Exploits: 0