Lucene search
Velocity Tools Security Vulnerabilities - February
cve
The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this payload being executed. XSS vulnerabilities allow attackers to execut...
6.1CVSS
6.6AI Score
0.007EPSS
2021-03-10 08:15 AM
97
8