Latest smarty smarty Vulnerabilities

● CVE-2023-41661

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PressPage Entertainment Inc. Smarty for WordPress plugin <= 3.1.35 versions.

Smarty Smarty<=3.1.35

● CVE-2023-28447

### Impact An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data, ...

composer/smarty/smarty<3.1.48>=4.0.0<4.1.1

Smarty Smarty<3.1.48

Smarty Smarty>=4.0.0<4.3.1

ubuntu/postfixadmin<3.0.2-2ubuntu0.1~

ubuntu/postfixadmin<3.2.1-3ubuntu0.1~

ubuntu/postfixadmin<3.3.10-2ubuntu0.1~

and 7 more

● CVE-2018-25047

smarty_function_mailto - JavaScript injection in eval function

composer/smarty/smarty<3.1.47>=4.0.0<4.2.1

Smarty Smarty<3.1.47

Smarty Smarty>=4.0.0<4.2.1

Debian Debian Linux=10.0

● CVE-2022-29221

PHP Code Injection by malicious block or filename

composer/smarty/smarty<3.1.45>=4.0.0<4.1.1

Smarty Smarty<3.1.45

Smarty Smarty>=4.0.0<4.1.1

Debian Debian Linux=9.0

Debian Debian Linux=10.0

Debian Debian Linux=11.0

and 12 more

● CVE-2021-21408

### Impact Template authors could run restricted static php methods. ### Patches Please upgrade to 3.1.40 or higher. ### References See the [documentation on Smarty security features](https://www.sm...

composer/smarty/smarty<3.1.43>=4.0.0<4.0.3

Smarty Smarty<3.1.43

Smarty Smarty>=4.0.0<4.0.3

Debian Debian Linux=9.0

Debian Debian Linux=10.0

Debian Debian Linux=11.0

and 13 more

● CVE-2021-29454

### Impact Template authors could run arbitrary PHP code by crafting a malicious math string. If a math string is passed through as user provided data to the math function, external users could run ar...

composer/smarty/smarty<3.1.42>=4.0.0<4.0.2

debian/smarty3

debian/smarty4

Smarty Smarty<3.1.42

Smarty Smarty>=4.0.0<4.0.2

Debian Debian Linux=9.0

and 13 more

● CVE-2021-26120

Smarty before 3.1.39 allows code injection via an unexpected function name after a {function name= substring.

composer/smarty/smarty<=3.1.38

debian/smarty3

Smarty Smarty<3.1.39

Debian Debian Linux=9.0

Debian Debian Linux=10.0

Debian Debian Linux=11.0

and 5 more

● CVE-2021-26119

Sandbox protection could be bypassed through access to an internal Smarty object that should have been blocked. Sites that rely on [Smarty Security features](https://www.smarty.net/docs/en/advanced.fe...

composer/smarty/smarty<=3.1.38

Smarty Smarty<3.1.39

Debian Debian Linux=9.0

Debian Debian Linux=10.0

Debian Debian Linux=11.0

debian/smarty3

and 5 more

● CVE-2011-1028

The `$smarty.template` variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the `sysplugins/smarty_internal_compile_private_special_variable.php` file.

composer/smarty/smarty<3.0.7

Smarty Smarty>=3.0.0<3.0.7

Debian Debian Linux=8.0

Debian Debian Linux=9.0

Debian Debian Linux=10.0

debian/smarty3

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.