PT-2021-9683 · Apache +2 · Apache Velocity Tools +2

Name of the Vulnerable Software and Affected Versions: Apache Velocity Tools versions prior to 3.1 Description: The default error page for VelocityView in Apache Velocity Tools reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file i...