CVE-2018-25047
published 2022-09-15CVE-2018-25047: In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS. A web page that uses smarty_function_mailto, and that could be…
PriorityP424medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
EPSS
0.83%
52.8th percentile
In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS. A web page that uses smarty_function_mailto, and that could be parameterized using GET or POST input parameters, could allow injection of JavaScript code by a user.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | smarty3 | < smarty3 3.1.47-1 (bookworm) | smarty3 3.1.47-1 (bookworm) |
| debian | smarty4 | < smarty3 3.1.47-1 (bookworm) | smarty3 3.1.47-1 (bookworm) |
| smarty | smarty | < 3.1.47 | 3.1.47 |
| smarty | smarty | >= 0 < 3.1.47 | 3.1.47 |
| smarty | smarty | >= 4.0.0 < 4.2.1 | 4.2.1 |
| smarty | smarty | >= 4.0.0 < 4.2.1 | 4.2.1 |
CVSS provenance
nvdv3.15.4MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
osv5.4MEDIUM
vendor_debian5.4MEDIUM
vendor_ubuntu5.4MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
smarty3 vulnerabilities
osv·2024-12-12·CVSS 5.4
CVE-2018-25047 [MEDIUM] smarty3 vulnerabilities
smarty3 vulnerabilities
It was discovered that Smarty incorrectly handled query parameters in
requests. An attacker could possibly use this issue to inject arbitrary
Javascript code, resulting in denial of service or potential execution of
arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04
LTS, Ubuntu 22.04 LTS and Ubuntu 24.04 LTS.
(CVE-2018-25047, CVE-2023-28447)
It was discovered that Smarty did not properly sanitize user input when
generating templates. An attacker could, through PHP injection, possibly
use this issue to execute arbitrary code. (CVE-2024-35226)
GHSA
Smarty Cross-site Scripting vulnerability in pages that use smarty_function_mailto
ghsa·2022-09-16
CVE-2018-25047 [MEDIUM] CWE-79 Smarty Cross-site Scripting vulnerability in pages that use smarty_function_mailto
Smarty Cross-site Scripting vulnerability in pages that use smarty_function_mailto
In Smarty before 3.1.47 and 4.x before 4.2.1, `libs/plugins/function.mailto.php` allows cross-site scripting. A web page that uses `smarty_function_mailto`, and that could be parameterized using GET or POST input parameters, could allow injection of JavaScript code by a user.
OSV
Smarty Cross-site Scripting vulnerability in pages that use smarty_function_mailto
osv·2022-09-16
CVE-2018-25047 [MEDIUM] Smarty Cross-site Scripting vulnerability in pages that use smarty_function_mailto
Smarty Cross-site Scripting vulnerability in pages that use smarty_function_mailto
In Smarty before 3.1.47 and 4.x before 4.2.1, `libs/plugins/function.mailto.php` allows cross-site scripting. A web page that uses `smarty_function_mailto`, and that could be parameterized using GET or POST input parameters, could allow injection of JavaScript code by a user.
OSV
CVE-2018-25047: In Smarty before 3
osv·2022-09-15·CVSS 5.4
CVE-2018-25047 [MEDIUM] CVE-2018-25047: In Smarty before 3
In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS. A web page that uses smarty_function_mailto, and that could be parameterized using GET or POST input parameters, could allow injection of JavaScript code by a user.
Ubuntu
Smarty vulnerabilities
vendor_ubuntu·2024-12-12·CVSS 5.4
CVE-2023-28447 [MEDIUM] Smarty vulnerabilities
Title: Smarty vulnerabilities
Summary: Several security issues were fixed in Smarty.
It was discovered that Smarty incorrectly handled query parameters in
requests. An attacker could possibly use this issue to inject arbitrary
Javascript code, resulting in denial of service or potential execution of
arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04
LTS, Ubuntu 22.04 LTS and Ubuntu 24.04 LTS.
(CVE-2018-25047, CVE-2023-28447)
It was discovered that Smarty did not properly sanitize user input when
generating templates. An attacker could, through PHP injection, possibly
use this issue to execute arbitrary code. (CVE-2024-35226)
Instructions: In general, a standard system update will make all the necessary changes.
Debian
CVE-2018-25047: smarty3 - In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php a...
vendor_debian·2018·CVSS 5.4
CVE-2018-25047 [MEDIUM] CVE-2018-25047: smarty3 - In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php a...
In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS. A web page that uses smarty_function_mailto, and that could be parameterized using GET or POST input parameters, could allow injection of JavaScript code by a user.
Scope: local
bookworm: resolved (fixed in 3.1.47-1)
bullseye: resolved (fixed in 3.1.39-2+deb11u2)
forky: resolved (fixed in 3.1.47-1)
sid: resolved (fixed in 3.1.47-1)
trixie: resolved (fixed in 3.1.47-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://bugs.gentoo.org/870100https://github.com/smarty-php/smarty/issues/454https://github.com/smarty-php/smarty/releases/tag/v3.1.47https://github.com/smarty-php/smarty/releases/tag/v4.2.1https://lists.debian.org/debian-lts-announce/2023/01/msg00002.htmlhttps://security.gentoo.org/glsa/202209-09https://bugs.gentoo.org/870100https://github.com/smarty-php/smarty/issues/454https://github.com/smarty-php/smarty/releases/tag/v3.1.47https://github.com/smarty-php/smarty/releases/tag/v4.2.1https://lists.debian.org/debian-lts-announce/2023/01/msg00002.htmlhttps://lists.debian.org/debian-lts-announce/2024/11/msg00013.htmlhttps://security.gentoo.org/glsa/202209-09
2022-09-15
Published