Vulnerabilities > Smarty > Smarty > 3.1.18
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-03-28 | CVE-2023-28447 | Cross-site Scripting vulnerability in multiple products. Smarty is a template engine for PHP. | 6.1 |
2022-09-15 | CVE-2018-25047 | Cross-site Scripting vulnerability in multiple products. In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS. | 5.4 |
2022-05-24 | CVE-2022-29221 | Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. | 8.8 |
2022-01-10 | CVE-2021-21408 | Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. | 8.8 |
2022-01-10 | CVE-2021-29454 | Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. | 8.8 |
2021-02-22 | CVE-2021-26120 | Code Injection vulnerability in multiple products. Smarty before 3.1.39 allows code injection via an unexpected function name after a {function name= substring. | 9.8 |
2021-02-22 | CVE-2021-26119 | Smarty before 3.1.39 allows a Sandbox Escape because $smarty.template_object can be accessed in sandbox mode. | 7.5 |
2018-09-18 | CVE-2018-13982 | Path Traversal vulnerability in multiple products. Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. | 7.5 |
2018-09-11 | CVE-2018-16831 | Path Traversal vulnerability in Smarty. Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir protection mechanism via a file:./../ substring in an include statement. | 5.9 |
2018-01-03 | CVE-2017-1000480 | Code Injection vulnerability in Smarty. Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch() or display() functions on custom resources that do not sanitize the template name. | 9.8 |