CVE-2020-13959
CVE-2020-13959 affects Apache Velocity Tools before 3.1. The vulnerability lies in the default VelocityView error page, which reflects back the vm file entered in the URL, enabling an attacker to supply an XSS payload via the vm parameter. When a user clicks a crafted URL, the payload can execute ...
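For triage on a host that ran an affected version, the following added example (not part of the advisory or of Apache Velocity Tools) scans web access logs for requests that name a .vm file and carry HTML markup characters after percent-decoding, which is what a crafted URL reflected by the error page would look like. The log format, the paths, the `vm` query name and the sample lines are assumptions constructed for illustration; the check covers both the path and the query string, and double-encoded input.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in common log format; not taken from any real system.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Mar/2021:10:00:01 +0000] "GET /app/index.vm HTTP/1.1" 200 512',
    '198.51.100.9 - - [10/Mar/2021:10:00:05 +0000] "GET /app/%3Cb%3Etest%3C%2Fb%3E.vm HTTP/1.1" 404 731',
    '198.51.100.9 - - [10/Mar/2021:10:00:09 +0000] "GET /app/view?vm=%253Cb%253Etest%253C%252Fb%253E.vm HTTP/1.1" 404 731',
    '198.51.100.3 - - [10/Mar/2021:10:00:12 +0000] "GET /static/logo.png?v=<1> HTTP/1.1" 200 2048',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MARKUP_CHARS = set('<>"\'')  # characters that must not reach an HTML page unescaped


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is also caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_vm_requests(lines):
    """Return decoded request targets that reference a .vm file and contain markup."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a request line we understand
        target = fully_decode(match.group(1))
        if ".vm" not in target.lower():
            continue  # only template requests are relevant here
        if MARKUP_CHARS & set(target):
            hits.append(target)
    return hits


if __name__ == "__main__":
    for hit in suspicious_vm_requests(SAMPLE_LOG):
        print("review:", hit)
```

A hit is a lead for review, not proof of exploitation; pair it with the response status and the referring page.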