Search CVE reports
1 result
CVE-2020-13959
Medium prioritySome fixes available 3 of 7
The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this...
1 affected packages
velocity-tools
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| velocity-tools | — | Not affected | Fixed | Fixed | Fixed |