Server Side Template Injection (Blind)
- Risk: High
- Type: Active
- CWE: CWE-74
- Summary
When user input is inserted into the template source itself, rather than passed to the engine as a rendering argument, the template engine evaluates it as template code. Depending on the template engine, this can lead to remote code execution.
- Solution
Instead of inserting user input into the template source, keep the template fixed and pass the input to the engine as a rendering argument, so it is treated as data only.
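As an added illustration (not part of the original entry), the two rendering patterns side by side using Go's standard text/template; the Context type, its field names and the sample token are constructed for the example:

```go
package main

import (
	"bytes"
	"fmt"
	"text/template"
)

// Context is the data handed to the engine at render time. The Secret field
// stands in for server-side data the user should never see (constructed sample).
type Context struct {
	Name   string
	Secret string
}

// renderVulnerable concatenates user input into the template source, so the
// engine parses and evaluates whatever the user wrote.
func renderVulnerable(userInput string, ctx Context) (string, error) {
	tmpl, err := template.New("greeting").Parse("Hello " + userInput + "!")
	if err != nil {
		return "", err
	}
	var out bytes.Buffer
	if err := tmpl.Execute(&out, ctx); err != nil {
		return "", err
	}
	return out.String(), nil
}

// renderSafe keeps the template source fixed and supplies the user input as a
// rendering argument; template syntax in the input is printed verbatim.
func renderSafe(userInput string, ctx Context) (string, error) {
	tmpl := template.Must(template.New("greeting").Parse("Hello {{.Name}}!"))
	ctx.Name = userInput
	var out bytes.Buffer
	if err := tmpl.Execute(&out, ctx); err != nil {
		return "", err
	}
	return out.String(), nil
}

func main() {
	ctx := Context{Secret: "constructed-sample-token"}
	probe := "{{.Secret}}" // template syntax where a name was expected
	v, _ := renderVulnerable(probe, ctx)
	s, _ := renderSafe(probe, ctx)
	fmt.Println("vulnerable:", v) // the expression was evaluated
	fmt.Println("safe:      ", s) // the expression is plain text
}
```

A quick regression check for a renderer is therefore that template syntax submitted as input comes back unchanged in the output.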