Maven package
org.apache.velocity.tools/velocity-tools-parent
pkg:maven/org.apache.velocity.tools/velocity-tools-parent
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-13959 | — | < 3.1 | 3.1 | Mar 10, 2021 | The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this payload being executed. XSS vulnerabilities allow |
- CVE-2020-13959Mar 10, 2021affected < 3.1fixed 3.1
The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this payload being executed. XSS vulnerabilities allow