CVE-2016-4462 — By manipulating the URL parameter externalLoginKey, a malicious, logged in user could pass valid Freemarker directives to the Template Engine that are reflected on the webpage; a specially crafted Fre — CVE Database · The Intelligence Room