Mageia 8: 2023-0014 Moderate: Php-Smarty XSS Risk from Input Injection

mageia

January 24, 2023

It was discovered that there was a potential cross-site scripting vulnerability in smarty3, a widely-used PHP templating engine

Summary

It was discovered that there was a potential cross-site scripting vulnerability in smarty3, a widely-used PHP templating engine.
In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS. A web page that uses smarty_function_mailto, and that could be parameterized using GET or POST input parameters, could allow injection of JavaScript code by a user. (CVE-2018-25047)

References

- https://bugs.mageia.org/show_bug.cgi?id=31387

- https://lists.debian.org/debian-lts-announce/2023/01/msg00002.html

- https://github.com/smarty-php/smarty/releases/tag/v4.2.1

- https://www.cve.org/CVERecord?id=CVE-2018-25047

Topics Covered

security advisory update cross-site scripting Mageia php-smarty

Resolution

SRPMS

- 8/core/php-smarty-4.2.1-1.mga8

Publication date: 24 Jan 2023

URL: https://advisories.mageia.org/MGASA-2023-0014.html

Type: security

CVE: CVE-2018-25047

Topics Covered

security advisory update cross-site scripting Mageia php-smarty

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Mageia 8: 2023-0014 Moderate: Php-Smarty XSS Risk from Input Injection

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Mageia 8: 2023-0014 Moderate: Php-Smarty XSS Risk from Input Injection

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Related Articles

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!