Templates containing actions in... CVE-2023-29400

- AV AC AU C I A
发布: 2023-05-11
修订: 2023-11-07

Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.

0%

漏洞利用/PoC

暂无可用Exp或PoC

受影响的平台与产品

当前有2条受影响产品信息