CVE-2025-23026 in jte정보

요약

\~에 의해 MITRE • 2025. 01. 13.

jte (Java Template Engine) is a secure and lightweight template engine for Java and Kotlin. In affected versions Jte HTML templates with `script` tags or script attributes that include a Javascript template string (backticks) are subject to XSS. The `javaScriptBlock` and `javaScriptAttribute` methods in the `Escape` class do not escape backticks, which are used for Javascript template strings. Dollar signs in template strings should also be escaped as well to prevent undesired interpolation. HTML templates rendered by Jte's `OwaspHtmlTemplateOutput` in versions less than or equal to `3.1.15` with `script` tags or script attributes that contain Javascript template strings (backticks) are vulnerable. Users are advised to upgrade to version 3.1.16 or later to resolve this issue. There are no known workarounds for this vulnerability.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

책임이 있는

GitHub M

예약하다

2025. 01. 10.

모더레이션

수락

항목

VDB-291348

EPSS

0.00285

출처

Interested in the pricing of exploits?

See the underground prices here!