Description

The application allows malicious entries to be injected into a client-side template. This vulnerability occurs when an attacker can use the template engine's syntax to place a malicious payload in a template, which is then executed on the client side.

Impact

- Generate dynamic client-side content.
- Execution of unwanted code in the context of the user's browser.
- Theft of sensitive information.
- Manipulation of page content.
- Malware propagation.

Recommendation

Properly sanitize user-controlled inputs.
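
The difference between user input that becomes template source and user input that is sanitized or bound as data, as an added example that is not part of the original entry. The `render` function is a hypothetical toy engine standing in for a client-side framework that evaluates `{{ ... }}` expressions, and the probe string is constructed.

```javascript
// Toy engine (hypothetical): evaluates every {{ expr }} found in the template
// source, the way an expression-evaluating client-side framework would.
function render(template, data = {}) {
  const names = Object.keys(data);
  const values = Object.values(data);
  return template.replace(/\{\{(.+?)\}\}/g, (_, expr) => {
    const fn = new Function(...names, `return (${expr});`);
    return String(fn(...values));
  });
}

const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape HTML metacharacters so the value cannot introduce markup.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => HTML_ENTITIES[c]);
}

// Escape HTML and also encode the template delimiters, so the value stays
// inert even if it ends up inside markup that the engine compiles.
function sanitizeForTemplate(s) {
  return escapeHtml(s).replace(/[{}]/g, (c) => (c === '{' ? '&#123;' : '&#125;'));
}

// VULNERABLE: user input is concatenated into the template source, so any
// expression it contains is evaluated by the engine.
function greetVulnerable(userInput) {
  return render('<p>Hello ' + userInput + '</p>');
}

// FIX 1: sanitize before the value reaches the template source.
function greetSanitized(userInput) {
  return render('<p>Hello ' + sanitizeForTemplate(userInput) + '</p>');
}

// FIX 2: keep the template constant and pass user input only as data.
function greetHardened(userInput) {
  return render('<p>Hello {{ escapeHtml(name) }}</p>', { name: userInput, escapeHtml });
}

const probe = '{{ 7 * 7 }}'; // constructed, harmless arithmetic probe
console.log(greetVulnerable(probe)); // expression was evaluated
console.log(greetSanitized(probe));  // delimiters encoded, nothing evaluated
console.log(greetHardened(probe));   // treated as plain text
```

A rendered `49` in place of the literal probe is the signal that input is reaching the template compiler, which makes the same probe usable as a regression test for the fix.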

Threat

Authenticated attacker from the Internet.

Expected Remediation Time

⏱️ 1440 minutes.

Fixes