4 matches found
CVE-2018-25047
In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS. A web page that uses smartyfunctionmailto, and that could be parameterized using GET or POST input parameters, could allow injection of JavaScript code by a user...
Updated php-smarty packages fix security vulnerability
It was discovered that there was a potential cross-site scripting vulnerability in smarty3, a widely-used PHP templating engine. In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS. A web page that uses smartyfunctionmailto, and that could be parameterized...
Debian dla-3262 : smarty3 - security update
The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3262 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3262-1 [email protected] https://www.debian.org/lts/security/...
CVE-2018-25047
Smarty3 (PHP templating engine) is vulnerable to XSS in smarty_function_mailto when using Smarty <3.1.47 and Smarty 4.x