Client Side Template Injection (CSTI)
Client-side template injection vulnerabilities arise when applications using a client-side template framework dynamically embed user input in web pages.
The welcome page of the DVWS application is vulnerable to CSTI. This can be exploited by creating a user with the following payload.
{{'a'.constructor.prototype.charAt=[].join;$eval('x=alert(1)');}}
