Description
MCMS v5.2.5 was discovered to contain a Server Side Template Injection (SSTI) vulnerability via the Template Management module.
Remediation
References
https://github.com/ming-soft/MCMS/issues/59
Related Vulnerabilities
CVE-2020-27223 Vulnerability in maven package org.eclipse.jetty:jetty-server
CVE-2020-7661 Vulnerability in maven package org.webjars.npm:url-regex
CVE-2023-26105 Vulnerability in npm package utilities
CVE-2022-25860 Vulnerability in maven package org.webjars.npm:simple-git
CVE-2023-35153 Vulnerability in maven package org.xwiki.platform:xwiki-platform-appwithinminutes-ui