Before Beetl v3.15.12, the rendering template has a server-side template injection (SSTI) vulnerability. When the incoming template is controllable, it will be filtered by the DefaultNativeSecurityManager blacklist. Because blacklist filtering is not strict, the blacklist can be bypassed, leading.....
9.8CVSS
9.8AI Score
0.001EPSS
Cross Site Scripting (XSS) vulnerability in beetl-bbs 2.0 allows attackers to run arbitrary code via the /index keyword...
6.1CVSS
6AI Score
0.0005EPSS
A Stored Cross Site Scripting (XSS) vulnerability in beetl-bbs 2.0 allows attackers to run arbitrary code via the post/save content...
5.4CVSS
5.3AI Score
0.0004EPSS
An issue in the render function of beetl v3.15.0 allows attackers to execute server-side template injection (SSTI) via a crafted...
9.8CVSS
9.4AI Score
0.003EPSS
A vulnerability was found in xiandafu beetl-bbs. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file WebUtils.java. The manipulation of the argument user leads to cross site scripting. The attack can be launched remotely. The exploit has been....
5.4CVSS
5.2AI Score
0.001EPSS