Server-side template injection

Description
  • This script is possibly vulnerable to Server-side template injection attacks.

    Server-side template injection occurs when user-controlled input is embedded into a server-side template, allowing users to inject template directives. This allows an attacker to inject malicious template directives and possibly execute arbitrary code on the affected server.
Remediation
  • Templates should not be created from user-controlled input. User input should be passed to the template using template parameters.
References