Twig
Sign in to watchby Sensiolabs
CVEs (2)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2001-1537 | Hig | 0.49 | 7.5 | 0.00 | Dec 31, 2001 | The default "basic" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges. | |
| CVE-2015-7809 | 0.00 | — | 0.02 | Nov 6, 2015 | The displayBlock function Template.php in Sensio Labs Twig before 1.20.0, when Sandbox mode is enabled, allows remote attackers to execute arbitrary code via the _self variable in a template. |