Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Sandbox bypass in Latte templates
Vulnerability Description
Latte is an open source template engine for PHP. Versions since 2.8.0 Latte has included a template sandbox and in affected versions it has been found that a sandbox escape exists allowing for injection into web pages generated from Latte. This may lead to XSS attacks. The issue is fixed in the versions 2.8.8, 2.9.6 and 2.10.8. Users unable to upgrade should not accept template input from untrusted sources.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Latte 跨站脚本漏洞
Vulnerability Description
Latte是Nette基金会的一个 Php 的模板引擎。 Latte存在安全漏洞,该漏洞源于2.8.0版本以来引入的沙箱模板,存在沙箱逃逸的情况,这允许注入从 Latte 生成的网页。 这可能会导致跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A