3 matches found
Updated php-smarty packages fix security vulnerability
Cross site scripting vulnerability in Javascript escaping. CVE-2023-28447 Additional bug fixes included. See referenced release notes for details...
MGASA-2023-0014 Updated php-smarty packages fix security vulnerability
It was discovered that there was a potential cross-site scripting vulnerability in smarty3, a widely-used PHP templating engine. In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS. A web page that uses smartyfunctionmailto, and that could be parameterized...
MGASA-2014-0469 Updated php-smarty packages fix security vulnerability
Smarty before 3.1.21 allows remote attackers to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by "literal" in a template CVE-2014-8350...