8 matches found
Updated php-smarty packages fix security vulnerability
It was discovered that there was a potential cross-site scripting vulnerability in smarty3, a widely-used PHP templating engine. In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS. A web page that uses smarty_function_mailto, and that could be parameterized...
[SECURITY] [DLA 3147-1] twig security update
Debian LTS Advisory DLA-3147-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb October 11, 2022 https://wiki.debian.org/LTS ...
drupal -- Drupal core - Moderately critical
Drupal Security Team reports: CVE-2019-10909: Escape validation messages in the PHP templating engine. CVE-2019-10910: Check service IDs are valid. CVE-2019-10911: Add a separator in the remember me cookie hash. jQuery 3.4.0 includes a fix for some unintended behavior when using jQuery.extend(true...
Sensio Labs Twig Information Disclosure Vulnerability
Sensio Labs Twig is a PHP templating engine from Sensio Labs, France, which supports custom tags and filters and creates DSLs. A security vulnerability exists in the sandbox in Sensio Labs Twig versions prior to 1.38.0 and 2.x versions prior to 2.7.0. The vulnerability can be exploited by an...
Debian: Security Advisory (DSA-1919-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
DSA-1520-1 smarty - arbitrary code execution
Bulletin has no description...
CVE-2019-10909: Escape validation messages in the PHP templating engine
More info at https://symfony.com/cve-2019-10909...
CVE-2019-10909: Escape validation messages in the PHP templating engine
More info at https://symfony.com/cve-2019-10909...