Vulnerabilities > Smarty > Smarty > 1.2.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-03-28 | CVE-2023-28447 | Cross-site Scripting vulnerability in multiple products Smarty is a template engine for PHP. | 6.1 |
2022-09-15 | CVE-2018-25047 | Cross-site Scripting vulnerability in multiple products In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS. | 5.4 |
2022-05-24 | CVE-2022-29221 | Code Injection vulnerability in multiple products Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. | 8.8 |
2022-01-10 | CVE-2021-21408 | Improper Input Validation vulnerability in multiple products Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. | 8.8 |
2022-01-10 | CVE-2021-29454 | Injection vulnerability in multiple products Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. | 8.8 |
2021-02-22 | CVE-2021-26120 | Code Injection vulnerability in multiple products Smarty before 3.1.39 allows code injection via an unexpected function name after a {function name= substring. | 9.8 |
2021-02-22 | CVE-2021-26119 | Smarty before 3.1.39 allows a Sandbox Escape because $smarty.template_object can be accessed in sandbox mode. | 7.5 |
2018-09-18 | CVE-2018-13982 | Path Traversal vulnerability in multiple products Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. | 5.0 |
2014-11-03 | CVE-2014-8350 | Code Injection vulnerability in Smarty Smarty before 3.1.21 allows remote attackers to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by "{literal}<{/literal}script language=php>" in a template. | 7.5 |
2012-10-01 | CVE-2012-4437 | Cross-Site Scripting vulnerability in Smarty Cross-site scripting (XSS) vulnerability in the SmartyException class in Smarty (aka smarty-php) before 3.1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger a Smarty exception. | 4.3 |