
Template Injection

Template injection happens when an application places untrusted input inside a server-side or client-side template without proper sanitization. Depending on the template engine and application context, attackers may read sensitive data, manipulate rendered output, access internal objects, or escalate to remote code execution. In application security testing, template injection is treated as a serious issue because it can move from content manipulation to deeper server-side compromise.

User Input Entered → Template Engine Processes Input → Malicious Template Code Runs → Data / Logic Exposed → Input Sanitized
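The flow above, as an added example that is not code from the original page: Python's built-in `str.format` stands in for a template engine (an assumption), and `RenderContext`, `CTX`, `PROBE` and both render functions are hypothetical names with constructed sample data. The vulnerable renderer builds the template from user input, while the corrected one keeps the template fixed and passes the input only as a value.

```python
# Added illustration: str.format plays the role of the template engine (assumption).

class RenderContext:
    """Objects the template can reach while rendering (hypothetical)."""
    def __init__(self, config):
        self.config = config


# Constructed sample data, not real secrets.
CTX = RenderContext(config={"SECRET_KEY": "constructed-secret-123"})
PROBE = "{ctx.config[SECRET_KEY]}"  # constructed input containing template syntax


def render_vulnerable(user_input, ctx):
    # Flaw: untrusted input is concatenated into the template source,
    # so the engine parses it as template code.
    template = "Hello " + user_input + ", welcome back!"
    return template.format(ctx=ctx)


def render_safe(user_input, ctx):
    # Fix: the template is a fixed string; input is supplied only as a value,
    # which the engine inserts without re-parsing it.
    template = "Hello {name}, welcome back!"
    return template.format(name=user_input, ctx=ctx)


if __name__ == "__main__":
    for label, render in (("vulnerable", render_vulnerable), ("safe", render_safe)):
        print(label, "->", render(PROBE, CTX))
```

A simple regression check for a rendering path is to submit a value containing the engine's own delimiters and confirm it comes back verbatim in the output.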
