Lucene search
MitreCVELIST:CVE-2018-25047HistorySep 14, 2022 - 12:00 a.m.
CVE-2018-25047
2022-09-1400:00:00
mitre
www.cve.org
6
smarty
xss
injection
In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS. A web page that uses smarty_function_mailto, and that could be parameterized using GET or POST input parameters, could allow injection of JavaScript code by a user.
Related
ubuntucve
ubuntucve
CVE-2018-25047
2022-09-15 00:00:00
debiancve
debiancve
CVE-2018-25047
2022-09-15 00:15:09
prion
prion
Design/Logic Flaw
2022-09-15 00:15:00
openvas
openvas
Debian: Security Advisory (DLA-3262-1)
2023-01-06 00:00:00
Mageia: Security Advisory (MGASA-2023-0014)
2023-03-28 00:00:00
debian
debian
[SECURITY] [DLA 3262-1] smarty3 security update
2023-01-05 21:00:54
nessus
nessus
Debian DLA-3262-1 : smarty3 - LTS security update
2023-01-07 00:00:00
GLSA-202209-09 : Smarty: Multiple vulnerabilities
2022-09-25 00:00:00
friendsofphp
friendsofphp
smarty_function_mailto - JavaScript injection in eval function
2022-09-14 11:32:14
nvd
nvd
CVE-2018-25047
2022-09-15 00:15:09
cve
cve
CVE-2018-25047
2022-09-15 00:15:09
mageia
mageia
Updated php-smarty packages fix security vulnerability
2023-01-24 10:58:24
veracode
veracode
Cross-site Scripting (XSS)
2022-09-16 05:57:40
osv
osv
smarty3 - security update
2023-01-05 00:00:00
CVE-2018-25047
2022-09-15 00:15:09
github
github
gentoo
gentoo
Smarty: Multiple vulnerabilities
2022-09-25 00:00:00