PT-2021-9683
Name of the Vulnerable Software and Affected Versions Apache Velocity Tools versions prior to 3.1 Description The default error page for VelocityView in Apache Velocity Tools reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in...