CVE search results

11 – 14 of 14 results

Detailed view

Sort by:

CVE-2017-1000480

Medium priority

Some fixes available 1 of 2

Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch() or display() functions on custom resources that does not sanitize template name.

1 affected packages

smarty3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
smarty3	Not affected	Not affected	Not affected	Fixed	Vulnerable

CVE-2014-8350

Medium priority

Ignored

Smarty before 3.1.21 allows remote attackers to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by "{literal}<{/literal}script language=php>" in a template.

4 affected packages

gallery2, moodle, smarty, smarty3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
gallery2	—	—	—	Not in release	Not in release
moodle	—	—	—	Not affected	Not affected
smarty	—	—	—	Not in release	Not in release
smarty3	—	—	—	Not affected	Not affected

Cross-site scripting (XSS) vulnerability in the SmartyException class in Smarty (aka smarty-php) before 3.1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger a Smarty exception.

4 affected packages

gallery2, moodle, smarty, smarty3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
gallery2	—	—	—	—	Not in release
moodle	—	—	—	—	Not affected
smarty	—	—	—	—	Not in release
smarty3	—	—	—	—	Not affected

CVE-2012-4277

Medium priority

Ignored

Cross-site scripting (XSS) vulnerability in the smarty_function_html_options_optoutput function in distribution/libs/plugins/function.html_options.php in Smarty before 3.1.8 allows remote attackers to inject arbitrary web script...

1 affected packages

smarty3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
smarty3	—	—	—	—	Not affected

Export to JSON

Results by page:

Search CVE reports

CVE-2017-1000480

CVE-2014-8350

CVE-2012-4437

CVE-2012-4277