Veracode Vulnerability DatabaseVERACODE:40033Cross-Site Scripting (XSS)
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.001 Low
EPSS
Percentile
17.2%
smarty/smarty is vulnerable to Cross-Site Scripting (XSS). The library does not properly escape the special characters before it output to the front end, allowing an attacker to inject and execute malicious JavaScript in the victim’s browser.
References
github.com/smarty-php/smarty/commit/685662466f653597428966d75a661073104d713d
github.com/smarty-php/smarty/commit/e09df8d851eb3ef139ced41afa5e73480f3cd5e8
github.com/smarty-php/smarty/security/advisories/GHSA-7j98-h7fp-4vwj
lists.fedoraproject.org/archives/list/[email protected]/message/HSAUM3YHWHO4UCJXRGRLQGPJAO3MFOZZ/
lists.fedoraproject.org/archives/list/[email protected]/message/JBB35GLYTL6JL6EOM6BOZNYP47JKNNHT/
lists.fedoraproject.org/archives/list/[email protected]/message/P7O7SKTATM6GAP45S64QFXNLWIY5I7HP/
Related
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.001 Low
EPSS
Percentile
17.2%