vulnerability

Server Side Template Injection - Template addition

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:N/C:C/I:C/A:C)	Jan 1, 2018	Jun 27, 2018	Jun 27, 2018

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

Jan 1, 2018

Added

Jun 27, 2018

Modified

Jun 27, 2018

Description

These Server Side Template injection techniques analyze the application's response to parameter values that are designed to be interpreted and executed by a template engine. Vulnerabilities identified by this module highlight problems with input validation routines and the creation of server side template statement. This indicates that the application has not fully validated user-supplied input. These errors can lead to XSS injection or arbitrary code execution.

Solution

serversidetemplateinjection-ssti-r01

References

CWE-97
OWASP-2010-A1
OWASP-2013-A1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today