Smarty 4.1.1

CPE Details

Smarty 4.1.1
smarty
smarty
4.1.1
2022-06-06
12h16 +00:00
2022-07-07
17h22 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:smarty:smarty:4.1.1:*:*:*:*:*:*:*

Informations

Vendor

smarty

Product

smarty

Version

4.1.1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-28447 2023-03-28 20h07 +00:00 Smarty is a template engine for PHP. In affected versions smarty did not properly escape javascript code. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data, manipulation of the web application's behavior, or unauthorized actions performed on behalf of the user. Users are advised to upgrade to either version 3.1.48 or to 4.3.1 to resolve this issue. There are no known workarounds for this vulnerability.
7.1
High
CVE-2018-25047 2022-09-13 22h00 +00:00 In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS. A web page that uses smarty_function_mailto, and that could be parameterized using GET or POST input parameters, could allow injection of JavaScript code by a user.
5.4
Medium