Search CVE reports
1 – 4 of 4 results
Some fixes available 7 of 13
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. In affected versions template authors could inject php code by choosing a malicious file name for an extends-tag....
2 affected packages
smarty3, smarty4
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| smarty3 | Needs evaluation | Fixed | Fixed | Fixed | Fixed |
| smarty4 | Not affected | Fixed | Not in release | Not in release | — |
Some fixes available 8 of 27
Smarty is a template engine for PHP. In affected versions smarty did not properly escape javascript code. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser...
4 affected packages
civicrm, smarty3, smarty4, postfixadmin
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| civicrm | Not in release | Not in release | Needs evaluation | Ignored | Ignored |
| smarty3 | Needs evaluation | Fixed | Fixed | Fixed | Fixed |
| smarty4 | Not affected | Not affected | Not in release | Not in release | Not in release |
| postfixadmin | Vulnerable | Vulnerable | Fixed | Fixed | Fixed |
Some fixes available 5 of 14
In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS. A web page that uses smarty_function_mailto, and that could be parameterized using GET or POST input parameters, could allow injection of...
2 affected packages
smarty3, smarty4
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| smarty3 | Needs evaluation | Fixed | Fixed | Fixed | Fixed |
| smarty4 | Not affected | Not affected | Not in release | Not in release | Not in release |
Some fixes available 12 of 32
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious {block} name or...
6 affected packages
postfixadmin, smarty4, collabtive, galette, gosa, smarty3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| postfixadmin | Not affected | Not affected | Fixed | Fixed | Fixed |
| smarty4 | Not affected | Not affected | — | — | — |
| collabtive | — | — | — | — | — |
| galette | — | — | — | — | — |
| gosa | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| smarty3 | Fixed | Fixed | Fixed | Ignored | Ignored |