Updated php-smarty packages fix security vulnerability

It was discovered that there was a potential cross-site scripting vulnerability in smarty3, a widely-used PHP templating engine. In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS. A web page that uses smartyfunctionmailto, and that could be parameterized...

CVE-2022-36433

The blog-post creation functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 allows injection of JavaScript code in the shortcontent and fullcontent fields, leading to XSS attacks against admin panel users via posts/preview or posts/save...

CVE-2017-15213

Stored XSS vulnerability in Flyspray before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges, via the realname or emailaddress field to themes/CleanFS/templates/common.editallusers.tpl...

Uber: Stored XSS in archive.uber.com Due to Injection of Javascript:alert(0)

archive.uber.com is vulnerable to an XSS due to injection of Javascript:alert0 as the downloadurl or the homepage in the setup.py when generating the .tar.gz. As of PEP 0470, the downloadurl and homepage parameters are depreciated. An example of a setup.py that can exploit this is: python from...