{"id":20493921,"url":"https://github.com/qeeqbox/client-side-template-injection","last_synced_at":"2026-03-06T22:06:05.695Z","repository":{"id":104218841,"uuid":"582131089","full_name":"qeeqbox/client-side-template-injection","owner":"qeeqbox","description":"A threat actor may trick a victim into executing native template syntax on a vulnerable target","archived":false,"fork":false,"pushed_at":"2024-01-29T01:03:28.000Z","size":132,"stargazers_count":3,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-12-09T08:58:21.952Z","etag":null,"topics":["client","infosecsimplified","injection","qeeqbox","side","template","vulnerability"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/qeeqbox.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-12-25T20:03:25.000Z","updated_at":"2024-03-26T18:25:24.000Z","dependencies_parsed_at":"2024-01-29T02:49:03.816Z","dependency_job_id":null,"html_url":"https://github.com/qeeqbox/client-side-template-injection","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/qeeqbox/client-side-template-injection","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qeeqbox%2Fclient-side-template-injection","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qeeqbox%2Fclient-side-template-injection/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qeeqbox%2Fclient-s
ide-template-injection/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qeeqbox%2Fclient-side-template-injection/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/qeeqbox","download_url":"https://codeload.github.com/qeeqbox/client-side-template-injection/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qeeqbox%2Fclient-side-template-injection/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30200756,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-06T19:07:06.838Z","status":"ssl_error","status_checked_at":"2026-03-06T18:57:34.882Z","response_time":250,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["client","infosecsimplified","injection","qeeqbox","side","template","vulnerability"],"created_at":"2024-11-15T17:37:34.387Z","updated_at":"2026-03-06T22:06:05.673Z","avatar_url":"https://github.com/qeeqbox.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e \u003cimg src=\"https://raw.githubusercontent.com/qeeqbox/client-side-template-injection/main/client-side-template-injection.png\"\u003e\u003c/p\u003e\n\nA threat actor may trick a victim into executing native template syntax on a vulnerable target (This is 
similar to SSTI but happens on the client side)\n\n## Example #1\n1. Threat actor crafts an exploit URL\n2. Bob logs in to the vulnerable website\n3. Threat actor tricks Bob into clicking on the exploit URL\n4. Bob clicks on the exploit URL, and the browser executes the exploit\n\n## Code\n#### Target-Logic\n```html\n\u003chtml\u003e\n  \u003cbody\u003e\n    \u003cdiv id=\"alert\"\u003e\u003c/div\u003e\n    \u003cscript\u003e\n    // source: untrusted value taken straight from the query string\n    var url = new URL(window.location);\n    var alertMsg = url.searchParams.get(\"alert\");\n    // sink: innerHTML renders attacker-controlled markup, so any inline event handler it carries runs\n    document.getElementById('alert').innerHTML = alertMsg;\n    document.body.style.backgroundColor = alertMsg;\n    \u003c/script\u003e\n  \u003c/body\u003e\n\u003c/html\u003e\n```\n\n#### Target-In\n```\n/?alert=\u003cimg src=\"/\" onerror=alert(\"test\")\u003e\n```\n\n#### Target-Output\n```\nalert box: test\n```\n\n## Impact\nVaries\n\n## Risk\n- Command execution\n\n## Redemption\n- Input validation\n- Logic-less\n\n## Names\n - Client Side Template Injection\n - SST injection\n\n## ID\n477ac741-89fe-4d0b-b094-09d720ed9d83\n\n## References\n- [tenable](https://www.tenable.com/plugins/was/112684)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fqeeqbox%2Fclient-side-template-injection","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fqeeqbox%2Fclient-side-template-injection","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fqeeqbox%2Fclient-side-template-injection/lists"}