Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2018-25047HistorySep 15, 2022 - 12:15 a.m.
CVE-2018-25047
2022-09-1500:15:09
Debian Security Bug Tracker
security-tracker.debian.org
16
smarty
xss
vulnerability
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.002
Percentile
54.2%
In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS. A web page that uses smarty_function_mailto, and that could be parameterized using GET or POST input parameters, could allow injection of JavaScript code by a user.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | smarty3 | < 3.1.47-1 | smarty3_3.1.47-1_all.deb |
| Debian | 11 | all | smarty3 | <= 3.1.39-2+deb11u1 | smarty3_3.1.39-2+deb11u1_all.deb |
| Debian | 999 | all | smarty3 | < 3.1.47-1 | smarty3_3.1.47-1_all.deb |
| Debian | 12 | all | smarty4 | < 4.2.1-1 | smarty4_4.2.1-1_all.deb |
| Debian | 999 | all | smarty4 | < 4.2.1-1 | smarty4_4.2.1-1_all.deb |
Related
ubuntucve
ubuntucve
CVE-2018-25047
2022-09-15 00:00:00
prion
prion
Design/Logic Flaw
2022-09-15 00:15:00
openvas
openvas
Debian: Security Advisory (DLA-3262-1)
2023-01-06 00:00:00
Mageia: Security Advisory (MGASA-2023-0014)
2023-03-28 00:00:00
debian
debian
[SECURITY] [DLA 3262-1] smarty3 security update
2023-01-05 21:00:54
cvelist
cvelist
CVE-2018-25047
2022-09-14 00:00:00
nessus
nessus
Debian DLA-3262-1 : smarty3 - LTS security update
2023-01-07 00:00:00
GLSA-202209-09 : Smarty: Multiple vulnerabilities
2022-09-25 00:00:00
friendsofphp
friendsofphp
smarty_function_mailto - JavaScript injection in eval function
2022-09-14 11:32:14
nvd
nvd
CVE-2018-25047
2022-09-15 00:15:09
cve
cve
CVE-2018-25047
2022-09-15 00:15:09
mageia
mageia
Updated php-smarty packages fix security vulnerability
2023-01-24 10:58:24
veracode
veracode
Cross-site Scripting (XSS)
2022-09-16 05:57:40
osv
osv
smarty3 - security update
2023-01-05 00:00:00
Smarty Cross-site Scripting vulnerability in pages that use smarty_function_mailto
2022-09-16 00:00:39
CVE-2018-25047
2022-09-15 00:15:09
github
github
gentoo
gentoo
Smarty: Multiple vulnerabilities
2022-09-25 00:00:00
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.002
Percentile
54.2%
Related for DEBIANCVE:CVE-2018-25047