Xephyrus Java Simple Template Engine is reported prone to a directory traversal vulnerability due to insufficient sanitization of user-supplied file-token data. The engine allows files to be loaded into templates using a 'file-token'. However, 'file-token' values may be overridden by URI parameters specified in a request for the script that contains 'file-token' entries.
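A sketch of the two checks that close this class of bug, as an added example that is not code from Xephyrus Java Simple Template Engine or from the original report: request parameters are never allowed to override a file-token, and every file-token value is resolved against a fixed template root and rejected if it escapes it. The class `FileTokenResolver`, its methods and the `isFileToken` flag are hypothetical names, and the sample paths are constructed.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Map;

// Hypothetical helper for illustration; not part of the Xephyrus JSTE API.
public final class FileTokenResolver {
    private final Path root;

    public FileTokenResolver(Path templateRoot) throws IOException {
        // Canonicalize once so later comparisons use the real directory.
        this.root = templateRoot.toRealPath();
    }

    // Request parameters may override ordinary tokens, never file-tokens.
    public static String tokenValue(String name, boolean isFileToken,
            String templateValue, Map<String, String> requestParams) {
        return isFileToken ? templateValue
                           : requestParams.getOrDefault(name, templateValue);
    }

    // Resolve a file-token value; reject anything outside the template root.
    public Path resolve(String value) throws IOException {
        if (value == null || value.isEmpty() || value.indexOf('\0') >= 0) {
            throw new SecurityException("invalid file-token value");
        }
        // Lexical check: collapses "..", and an absolute value replaces root.
        Path candidate = root.resolve(value).normalize();
        if (!candidate.startsWith(root)) {
            throw new SecurityException("file-token escapes template root");
        }
        // Symlink check: toRealPath follows links and fails if the file is missing.
        Path real = candidate.toRealPath();
        if (!real.startsWith(root) || !Files.isRegularFile(real)) {
            throw new SecurityException("file-token escapes template root");
        }
        return real;
    }

    public static void main(String[] args) throws IOException {
        Path dir = Files.createTempDirectory("templates");   // constructed sample root
        Files.write(dir.resolve("header.html"), "<h1>hi</h1>".getBytes());
        FileTokenResolver resolver = new FileTokenResolver(dir);
        System.out.println("accepted " + resolver.resolve("header.html"));
        String[] bad = { "../outside.txt", "sub/../../outside.txt",
                         dir.getParent().resolve("outside.txt").toString() };
        for (String value : bad) {
            try { resolver.resolve(value); System.out.println("ACCEPTED " + value); }
            catch (RuntimeException | IOException e) { System.out.println("rejected " + value); }
        }
    }
}
```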