Security Advisory

CVE-2023-45303

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-10-06 00:00:00

Last updated 2024-09-19 18:41:34

Assigner mitre

State PUBLISHED

Description

ThingsBoard before 3.5 allows Server-Side Template Injection if users are allowed to modify an email template, because Apache FreeMarker supports freemarker.template.utility.Execute (for content sent to the /api/admin/settings endpoint).

← Browse all CVEs View on cve.org ↗