5 matches found
EUVD-2022-6844
Malicious code in bioql PyPI...
Cross-site Scripting (XSS)
smarty/smarty is vulnerable to cross-site scripting. The vulnerability exists because the smarty_function_mailto function of function.mailto.php does not properly escape the GET and POST input parameters, allowing an attacker to inject and execute malicious JavaScript...
Smarty Cross-site Scripting vulnerability in pages that use smarty_function_mailto
In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows cross-site scripting. A web page that uses smarty_function_mailto, and that could be parameterized using GET or POST input parameters, could allow injection of JavaScript code by a user...
CVE-2018-25047
In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS. A web page that uses smarty_function_mailto, and that could be parameterized using GET or POST input parameters, could allow injection of JavaScript code by a user...
CVE-2018-25047
Smarty3 (PHP templating engine) is vulnerable to XSS in smarty_function_mailto when using Smarty <3.1.47 and Smarty 4.x