82 matches found

Redos
added 2025/02/13 12:0 a.m., 3 views

ROS-20250212-09

A vulnerability in the PHP Smarty templating engine is related to incorrect input validation when processing the "extends-tag" attribute. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary PHP code on the target system...

CVSS 7.3, AI score 7.6, EPSS 0.00279
Exploits 0

Tenable Nessus
added 2024/11/14 12:0 a.m., 9 views

Fedora 37 : php-Smarty (2022-d5fc9dcdd7)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-d5fc9dcdd7 advisory. 3.1.47 - 2022-09-14 Security - Applied appropriate javascript and html escaping in mailto plugin to counter injection attacks 454 Fixed - Fixed use ...

CVSS 9.8, AI score 7.5, EPSS 0.7558
Exploits 3, References 6

OSV
added 2023/04/24 12:20 a.m., 8 views

MGASA-2023-0155 Updated php-smarty packages fix security vulnerability

Cross site scripting vulnerability in Javascript escaping. CVE-2023-28447 Additional bug fixes included. See referenced release notes for details...

CVSS 7.1, AI score 6.7, EPSS 0.01189
Exploits 0, References 6

Mageia
added 2023/04/24 12:20 a.m., 35 views

Updated php-smarty packages fix security vulnerability

Cross site scripting vulnerability in Javascript escaping. CVE-2023-28447 Additional bug fixes included. See referenced release notes for details...

CVSS 7.1, AI score 6.2, EPSS 0.01189
Exploits 0, References 5

OpenVAS
added 2023/04/24 12:0 a.m., 27 views

Mageia: Security Advisory (MGASA-2023-0155)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.1, AI score 6.7, EPSS 0.01189
Exploits 0, References 7

OpenVAS
added 2023/04/16 12:0 a.m., 23 views

Fedora: Security Advisory for php-Smarty (FEDORA-2023-199edf23f0)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.1, AI score 6.6, EPSS 0.01189
Exploits 0, References 2

Tenable Nessus
added 2023/04/15 12:0 a.m., 29 views

Fedora 38 : php-Smarty (2023-199edf23f0)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-199edf23f0 advisory. 3.1.48 - 2023-03-28 Security - Fixed Cross site scripting vulnerability in Javascript escaping. This addresses CVE-2023-28447. Fixed - Output buffer...

CVSS 7.1, AI score 7.2, EPSS 0.01189
Exploits 0, References 2

OpenVAS
added 2023/04/13 12:0 a.m., 24 views

Fedora: Security Advisory for php-Smarty (FEDORA-2023-4b03f6cd8a)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.1, AI score 6.6, EPSS 0.01189
Exploits 0, References 2

OpenVAS
added 2023/04/13 12:0 a.m., 24 views

Fedora: Security Advisory for php-Smarty (FEDORA-2023-7490239652)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.1, AI score 6.6, EPSS 0.01189
Exploits 0, References 2

Fedora
added 2023/04/12 1:39 a.m., 32 views

[SECURITY] Fedora 36 Update: php-Smarty-3.1.48-1.fc36

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. This implies that PHP code is application logic, and is separated from the presentation. Autoloader: /usr/share/php/Smarty/autoload.php...

CVSS 7.1, AI score 6.5, EPSS 0.01189
Exploits 0

Tenable Nessus
added 2023/04/12 12:0 a.m., 29 views

Fedora 37 : php-Smarty (2023-4b03f6cd8a)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-4b03f6cd8a advisory. 3.1.48 - 2023-03-28 Security - Fixed Cross site scripting vulnerability in Javascript escaping. This addresses CVE-2023-28447. Fixed - Output buffer...

CVSS 7.1, AI score 7.2, EPSS 0.01189
Exploits 0, References 2

Tenable Nessus
added 2023/04/12 12:0 a.m., 31 views

Fedora 36 : php-Smarty (2023-7490239652)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-7490239652 advisory. 3.1.48 - 2023-03-28 Security - Fixed Cross site scripting vulnerability in Javascript escaping. This addresses CVE-2023-28447. Fixed - Output buffer...

CVSS 7.1, AI score 7.2, EPSS 0.01189
Exploits 0, References 2

OpenVAS
added 2023/03/28 12:0 a.m., 17 views

Mageia: Security Advisory (MGASA-2023-0014)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.4, AI score 5.9, EPSS 0.00629
Exploits 1, References 5

Mageia
added 2023/01/24 7:58 a.m., 38 views

Updated php-smarty packages fix security vulnerability

It was discovered that there was a potential cross-site scripting vulnerability in smarty3, a widely-used PHP templating engine. In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS. A web page that uses smarty_function_mailto, and that could be parameterized...

CVSS 5.4, AI score 3.1, EPSS 0.00629
Exploits 1, References 3

OSV
added 2023/01/24 7:58 a.m., 8 views

MGASA-2023-0014 Updated php-smarty packages fix security vulnerability

It was discovered that there was a potential cross-site scripting vulnerability in smarty3, a widely-used PHP templating engine. In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS. A web page that uses smarty_function_mailto, and that could be parameterized...

CVSS 5.4, AI score 5.9, EPSS 0.00629
Exploits 1, References 4

Tenable Nessus
added 2022/12/22 12:0 a.m., 40 views

Fedora 36 : php-Smarty (2022-52154efd61)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-52154efd61 advisory. 3.1.47 - 2022-09-14 Security - Applied appropriate javascript and html escaping in mailto plugin to counter injection attacks 454 Fixed - Fixed use ...

CVSS 9.8, AI score 7.5, EPSS 0.7558
Exploits 3, References 6

OpenVAS
added 2022/10/24 12:0 a.m., 22 views

Fedora: Security Advisory for php-Smarty (FEDORA-2022-52154efd61)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9.8, AI score 8.2, EPSS 0.7558
Exploits 2, References 2

Fedora
added 2022/10/23 9:4 a.m., 35 views

[SECURITY] Fedora 36 Update: php-Smarty-3.1.47-1.fc36

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. This implies that PHP code is application logic, and is separated from the presentation. Autoloader: /usr/share/php/Smarty/autoload.php...

CVSS 9.8, AI score 1.8, EPSS 0.7558
Exploits 3

OpenVAS
added 2022/06/14 12:0 a.m., 25 views

Mageia: Security Advisory (MGASA-2022-0226)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8, AI score 8.8, EPSS 0.25501
Exploits 1, References 6

Mageia
added 2022/06/13 8:44 p.m., 44 views

Updated php-smarty packages fix security vulnerability

Template authors could inject php code by choosing a malicious block name or include file name. CVE-2022-29221...

CVSS 8.8, AI score 2.7, EPSS 0.25501
Exploits 1, References 4