Vulnerabilities > Smarty
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-29 | CVE-2023-41661 | Cross-site Scripting vulnerability in Smarty Auth. | 4.8 |
| 2023-03-28 | CVE-2023-28447 | Cross-site Scripting vulnerability in multiple products Smarty is a template engine for PHP. | 6.1 |
| 2022-09-15 | CVE-2018-25047 | Cross-site Scripting vulnerability in multiple products In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS. | 5.4 |
| 2022-05-24 | CVE-2022-29221 | Code Injection vulnerability in multiple products Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. | 8.8 |
| 2022-01-10 | CVE-2021-21408 | Improper Input Validation vulnerability in multiple products Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. | 8.8 |
| 2022-01-10 | CVE-2021-29454 | Injection vulnerability in multiple products Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. | 8.8 |
| 2021-02-22 | CVE-2021-26120 | Code Injection vulnerability in multiple products Smarty before 3.1.39 allows code injection via an unexpected function name after a {function name= substring. | 9.8 |
| 2021-02-22 | CVE-2021-26119 | Smarty before 3.1.39 allows a Sandbox Escape because $smarty.template_object can be accessed in sandbox mode. | 7.5 |
| 2019-11-20 | CVE-2011-1028 | Improper Input Validation vulnerability in multiple products The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file. | 9.8 |
| 2018-09-18 | CVE-2018-13982 | Path Traversal vulnerability in multiple products Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. | 7.5 |