Vulnerabilities > Smarty > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-29 | CVE-2023-41661 | Unspecified vulnerability in Smarty Auth. | 4.8 |
| 2023-03-28 | CVE-2023-28447 | Cross-site Scripting vulnerability in multiple products Smarty is a template engine for PHP. | 6.1 |
| 2022-09-15 | CVE-2018-25047 | Cross-site Scripting vulnerability in multiple products In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS. | 5.4 |
| 2018-09-11 | CVE-2018-16831 | Path Traversal vulnerability in Smarty Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir protection mechanism via a file:./../ substring in an include statement. | 5.9 |