# CVE-2023-28447

Published: 2023-03-28
Priority: P4 (29) · medium 6.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 1.02% (59.0th percentile)

Smarty is a template engine for PHP. In affected versions smarty did not properly escape javascript code. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data, manipulation of the web application's behavior, or unauthorized actions performed on behalf of the user. Users are advised to upgrade to either version 3.1.48 or to 4.3.1 to resolve this issue. There are no known workarounds for this vulnerability.
### Affected (17 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | smarty3 | < smarty3 3.1.47-2+deb12u1 (bookworm) | smarty3 3.1.47-2+deb12u1 (bookworm) |
| debian | smarty4 | < smarty3 3.1.47-2+deb12u1 (bookworm) | smarty3 3.1.47-2+deb12u1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| postfixadmin | postfixadmin | >= 0 < 3.0.2-2ubuntu0.1~esm1 | 3.0.2-2ubuntu0.1~esm1 |
| postfixadmin | postfixadmin | >= 0 < 3.2.1-3ubuntu0.1~esm1 | 3.2.1-3ubuntu0.1~esm1 |
| postfixadmin | postfixadmin | >= 0 < 3.3.10-2ubuntu0.1~esm1 | 3.3.10-2ubuntu0.1~esm1 |
| smarty-php | smarty | < 3.1.48 | 3.1.48 |
| smarty-php | smarty | — | — |
| smarty | smarty | < 3.1.48 | 3.1.48 |
| smarty | smarty | >= 0 < 3.1.48 | 3.1.48 |
| smarty | smarty | >= 4.0.0 < 4.3.1 | 4.3.1 |
| smarty | smarty | >= 4.0.0 < 4.3.1 | 4.3.1 |
| ubuntu | civicrm | — | — |
| ubuntu | postfixadmin | — | — |
| ubuntu | smarty3 | — | — |
### CVSS provenance

| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| osv | 8.8 | HIGH | — |
| vendor_ubuntu | 8.8 | HIGH | — |
| vendor_debian | 7.1 | HIGH | — |
### OSV: smarty3 vulnerabilities
osv · 2024-12-12 · CVSS 5.4 · CVE-2018-25047 [MEDIUM]

It was discovered that Smarty incorrectly handled query parameters in requests. An attacker could possibly use this issue to inject arbitrary Javascript code, resulting in denial of service or potential execution of arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2018-25047, CVE-2023-28447)

It was discovered that Smarty did not properly sanitize user input when generating templates. An attacker could, through PHP injection, possibly use this issue to execute arbitrary code. (CVE-2024-35226)
### OSV: postfixadmin vulnerabilities
osv · 2023-12-12 · CVSS 8.8 · CVE-2022-29221 [HIGH]

It was discovered that Smarty, that is integrated in the PostfixAdmin code, was not properly sanitizing user input when generating templates. An attacker could, through PHP injection, possibly use this issue to execute arbitrary code. (CVE-2022-29221)

It was discovered that Moment.js, that is integrated in the PostfixAdmin code, was using an inefficient parsing algorithm when processing date strings in the RFC 2822 standard. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-31129)

It was discovered that Smarty, that is integrated in the PostfixAdmin code, was not properly escaping JavaScript code. An attacker could possibly use this issue to conduct cross-site scripting attacks (XSS).
### GHSA: smarty Cross-site Scripting vulnerability in Javascript escaping
ghsa · 2023-03-29 · CVE-2023-28447 [HIGH] · CWE-79
### Impact
An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data, manipulation of the web application's behavior, or unauthorized actions performed on behalf of the user.
### Patches
Please upgrade to the most recent version of Smarty v3 or v4.
### For more information
If you have any questions or comments about this advisory please open an issue in [the Smarty repo](https://github.com/smarty-php/smarty)
### Ubuntu: Smarty vulnerability
vendor_ubuntu · 2026-05-19 · CVE-2023-28447

Summary: Smarty could be made to run malicious JavaScript in the user's browser if it received specially crafted input.

Takuya Aramaki discovered that Smarty did not properly escape JavaScript code. An attacker could possibly use this issue to conduct a cross-site scripting attack.

Instructions: In general, a standard system update will make all the necessary changes.
### Ubuntu: CiviCRM vulnerability
vendor_ubuntu · 2026-05-07 · CVE-2023-28447

Summary: CiviCRM could be made to run malicious JavaScript in the user's browser if it received specially crafted input.

Takuya Aramaki discovered that Smarty, vendored in CiviCRM, did not properly escape JavaScript code. An attacker could possibly use this issue to conduct a cross-site scripting attack.

Instructions: In general, a standard system update will make all the necessary changes.
### Ubuntu: PostfixAdmin vulnerability
vendor_ubuntu · 2026-05-07 · CVE-2023-28447

Summary: PostfixAdmin could be made to run malicious JavaScript in the user's browser if it received specially crafted input.

USN-8242-1 fixed a vulnerability in CiviCRM. This update provides the corresponding fix for PostfixAdmin.

Original advisory details:

Takuya Aramaki discovered that Smarty, vendored in CiviCRM, did not properly escape JavaScript code. An attacker could possibly use this issue to conduct a cross-site scripting attack.

Instructions: In general, a standard system update will make all the necessary changes.
### Debian: smarty3
vendor_debian · 2023 · CVSS 7.1 · CVE-2023-28447 [HIGH]

Scope: local
bookworm: resolved (fixed in 3.1.47-2+deb12u1)
bullseye: resolved (fixed in 3.1.39-2+deb11u2)
forky: resolved (fixed in 3.1.48-1)
sid: resolved (fixed in 3.1.48-1)
trixie: resolved (fixed in 3.1.48-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
### References

https://github.com/smarty-php/smarty/commit/685662466f653597428966d75a661073104d713d
https://github.com/smarty-php/smarty/security/advisories/GHSA-7j98-h7fp-4vwj
https://lists.debian.org/debian-lts-announce/2024/11/msg00013.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HSAUM3YHWHO4UCJXRGRLQGPJAO3MFOZZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBB35GLYTL6JL6EOM6BOZNYP47JKNNHT/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P7O7SKTATM6GAP45S64QFXNLWIY5I7HP/