There is a reflected Cross-Site Scripting attack. An attacker able to cause a user to follow a specially crafted malicious link may be able to recover session identifiers or exploit browser vulnerabilities. The template parameter is vulnerable to cross-site scripting.
CVE Link
Exploit Type
Product Name