CVE-2012-4277
published 2012-08-13CVE-2012-4277: Cross-site scripting (XSS) vulnerability in the smarty_function_html_options_optoutput function in distribution/libs/plugins/function.html_options.php in…
PriorityP416medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
1.25%
65.6th percentile
Cross-site scripting (XSS) vulnerability in the smarty_function_html_options_optoutput function in distribution/libs/plugins/function.html_options.php in Smarty before 3.1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Affected
72 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | smarty3 | < smarty3 3.1.10-1 (bookworm) | smarty3 3.1.10-1 (bookworm) |
| smarty | smarty | <= 3.1.7 | — |
| smarty | smarty | — | — |
| smarty | smarty | — | — |
| smarty | smarty | — | — |
| smarty | smarty | — | — |
| smarty | smarty | — | — |
| smarty | smarty | — | — |
| smarty | smarty | — | — |
| smarty | smarty | — | — |
| smarty | smarty | — | — |
| smarty | smarty | — | — |
| smarty | smarty | — | — |
| smarty | smarty | — | — |
| smarty | smarty | — | — |
| smarty | smarty | — | — |
| smarty | smarty | — | — |
| smarty | smarty | — | — |
| smarty | smarty | — | — |
| smarty | smarty | — | — |
| smarty | smarty | — | — |
| smarty | smarty | — | — |
| smarty | smarty | — | — |
| smarty | smarty | — | — |
| smarty | smarty | — | — |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
osv4.3MEDIUM
vendor_debian4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-m9ff-gfr6-j4w9: Cross-site scripting (XSS) vulnerability in the smarty_function_html_options_optoutput function in distribution/libs/plugins/function
ghsa_unreviewed·2022-05-17
CVE-2012-4277 [MEDIUM] CWE-79 GHSA-m9ff-gfr6-j4w9: Cross-site scripting (XSS) vulnerability in the smarty_function_html_options_optoutput function in distribution/libs/plugins/function
Cross-site scripting (XSS) vulnerability in the smarty_function_html_options_optoutput function in distribution/libs/plugins/function.html_options.php in Smarty before 3.1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
OSV
CVE-2012-4277: Cross-site scripting (XSS) vulnerability in the smarty_function_html_options_optoutput function in distribution/libs/plugins/function
osv·2012-08-13·CVSS 4.3
CVE-2012-4277 [MEDIUM] CVE-2012-4277: Cross-site scripting (XSS) vulnerability in the smarty_function_html_options_optoutput function in distribution/libs/plugins/function
Cross-site scripting (XSS) vulnerability in the smarty_function_html_options_optoutput function in distribution/libs/plugins/function.html_options.php in Smarty before 3.1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Debian
CVE-2012-4277: smarty3 - Cross-site scripting (XSS) vulnerability in the smarty_function_html_options_opt...
vendor_debian·2012·CVSS 4.3
CVE-2012-4277 [MEDIUM] CVE-2012-4277: smarty3 - Cross-site scripting (XSS) vulnerability in the smarty_function_html_options_opt...
Cross-site scripting (XSS) vulnerability in the smarty_function_html_options_optoutput function in distribution/libs/plugins/function.html_options.php in Smarty before 3.1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Scope: local
bookworm: resolved (fixed in 3.1.10-1)
bullseye: resolved (fixed in 3.1.10-1)
forky: resolved (fixed in 3.1.10-1)
sid: resolved (fixed in 3.1.10-1)
trixie: resolved (fixed in 3.1.10-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://code.google.com/p/smarty-php/issues/detail?id=98&can=1http://code.google.com/p/smarty-php/source/detail?r=4612http://secunia.com/advisories/49164http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txthttp://www.securitytracker.com/id?1027061http://code.google.com/p/smarty-php/issues/detail?id=98&can=1http://code.google.com/p/smarty-php/source/detail?r=4612http://secunia.com/advisories/49164http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txthttp://www.securitytracker.com/id?1027061
2012-08-13
Published