Alerts This Week
Warning Icon 1 1,149
Alerts This Week
Warning Icon 1 1,149

Ubuntu 16.04 Smarty Important Cross-Site Scripting Risk USN-8272-1

ubuntu
Calendar Grey May 19, 2026
Dist Ubuntu Esm H88
Smarty could allow execution of malicious JavaScript in the user's browser, warranting critical attention and updates.
Smarty could be made to run malicious JavaScript in the user's browser if it received specially crafted input.

Summary

Smarty could be made to run malicious JavaScript in the user's browser if

it received specially crafted input.

Software Description:

- smarty3: The compiling PHP template engine

Details:

Takuya Aramaki discovered that Smarty did not properly escape JavaScript

code. An attacker could possibly use this issue to conduct a cross-site

scripting attack.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS
  smarty3                         3.1.21-1ubuntu1+esm2
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8272-1

CVE-2023-28447

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-8272-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here