CVE-2023-47542

MEDIUM Year: 2023
CVSS v3 Score
6.7
Medium
Weakness Type
CWE-1336
View all →

Vulnerability Description

A improper neutralization of special elements used in a template engine [CWE-1336] in FortiManager versions 7.4.1 and below, versions 7.2.4 and below, and 7.0.10 and below allows attacker to execute unauthorized code or commands via specially crafted templates.

Related Vulnerabilities

CVE-2024-25624

MEDIUM
CVSS:6.8(Medium)

Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. Due to an improper setup of Jinja2 environment, reports generation in `iris-web...

CWE-13362024

CVE-2023-41047

MEDIUM
CVSS:6.5(Medium)

OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.2 contain a vulnerability that allows malicious admins to configure a specially crafted GCODE script that wi...

CWE-13362023

CVE-2024-55652

MEDIUM
CVSS:6.5(Medium)

PenDoc is a penetration testing reporting application. Prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6, an attacker can write a malicious docx template containing expressions that escape the ...

CWE-13362024

CVE-2024-39766

HIGH
CVSS:7.0(High)

Improper neutralization of special elements used in SQL command in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable escalation of priv...

CWE-13362024

CVE-2022-0896

HIGH
CVSS:7.1(High)

Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository microweber/microweber prior to 1.3.

CWE-13362022

CVE-2024-34710

HIGH
CVSS:7.1(High)

Wiki.js is al wiki app built on Node.js. Client side template injection was discovered, that could allow an attacker to inject malicious JavaScript into the content section of pages that would execute...

CWE-13362024