CVE-2026-5987 | Sanluan PublicCMS up to 6.202506.d FreeMarker Template AbstractFreemarkerView.java AbstractFreemarkerView.doRender special elements used in a template engine (Issue 113)

A vulnerability, which was classified as critical, was found in Sanluan PublicCMS up to 6.202506.d. This affects the function AbstractFreemarkerView.doRender of the file publiccms-parent/publiccms-core/src/main/java/com/publiccms/common/base/AbstractFreemarkerView.java of the component FreeMarker Template Handler. Such manipulation leads to improper neutralization of special elements used in a template engine.

This vulnerability is referenced as CVE-2026-5987. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-5987 | Sanluan PublicCMS up to 6.202506.d FreeMarker Template AbstractFreemarkerView.java AbstractFreemarkerView.doRender special elements used in a template engine (Issue 113)

Post correlati

CVE-2023-35022 | IBM InfoSphere Information Server 11.7 improper authorization (XFDB-258254)

CVE-2025-27155 | matrix-org pinecone up to ea4c337 pineconesim cross site scripting

CVE-2023-6465 | PHPGurukul Nipah Virus Testing Management System 1.0 registered-user-testing.php regmobilenumber cross site scripting

CVE-2024-47104 | IBM i 7.4/7.5 Physical File Security Attributes permission assignment