Vulnerabilities > Smarty > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-29 | CVE-2023-41661 | Cross-site Scripting vulnerability in Smarty Auth. | 4.8 |
| 2023-03-28 | CVE-2023-28447 | Cross-site Scripting vulnerability in multiple products Smarty is a template engine for PHP. | 6.1 |
| 2022-09-15 | CVE-2018-25047 | Cross-site Scripting vulnerability in multiple products In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS. | 5.4 |
| 2018-09-18 | CVE-2018-13982 | Path Traversal vulnerability in multiple products Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. | 5.0 |
| 2012-10-01 | CVE-2012-4437 | Cross-Site Scripting vulnerability in Smarty Cross-site scripting (XSS) vulnerability in the SmartyException class in Smarty (aka smarty-php) before 3.1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger a Smarty exception. | 4.3 |
| 2012-08-13 | CVE-2012-4277 | Cross-Site Scripting vulnerability in Smarty Cross-site scripting (XSS) vulnerability in the smarty_function_html_options_optoutput function in distribution/libs/plugins/function.html_options.php in Smarty before 3.1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |