Описание
Smarty is a template engine for PHP. In affected versions smarty did not properly escape javascript code. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data, manipulation of the web application's behavior, or unauthorized actions performed on behalf of the user. Users are advised to upgrade to either version 3.1.48 or to 4.3.1 to resolve this issue. There are no known workarounds for this vulnerability.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | DNE | |
| esm-apps/bionic | needs-triage | |
| esm-apps/focal | needs-triage | |
| esm-apps/jammy | needs-triage | |
| esm-apps/xenial | needs-triage | |
| focal | ignored | end of standard support, was needs-triage |
| jammy | needs-triage | |
| kinetic | ignored | end of life, was needs-triage |
| lunar | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| devel | needed | |
| esm-apps/bionic | released | 3.0.2-2ubuntu0.1~esm1 |
| esm-apps/focal | released | 3.2.1-3ubuntu0.1~esm1 |
| esm-apps/jammy | released | 3.3.10-2ubuntu0.1~esm1 |
| esm-apps/noble | needed | |
| esm-apps/xenial | not-affected | code not present |
| focal | ignored | end of standard support, was needed |
| jammy | needed | |
| kinetic | ignored | end of life, was needed |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | needs-triage | |
| esm-apps/bionic | released | 3.1.31+20161214.1.c7d42e4+selfpack1-3ubuntu0.1+esm1 |
| esm-apps/focal | released | 3.1.34+20190228.1.c9f0de05+selfpack1-1ubuntu0.1 |
| esm-apps/jammy | released | 3.1.39-2ubuntu1.22.04.2 |
| esm-apps/noble | released | 3.1.48-1ubuntu0.24.04.1 |
| esm-apps/xenial | needs-triage | |
| focal | released | 3.1.34+20190228.1.c9f0de05+selfpack1-1ubuntu0.1 |
| jammy | released | 3.1.39-2ubuntu1.22.04.2 |
| kinetic | ignored | end of life, was needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | not-affected | 4.5.4-1 |
| esm-apps/noble | not-affected | 4.3.1-1 |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| kinetic | ignored | end of life, was needs-triage |
| lunar | ignored | end of life, was needs-triage |
| mantic | ignored | end of life, was needs-triage |
| noble | not-affected | 4.3.1-1 |
Показывать по
Ссылки на источники
7.1 High
CVSS3
Связанные уязвимости
Smarty is a template engine for PHP. In affected versions smarty did not properly escape javascript code. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data, manipulation of the web application's behavior, or unauthorized actions performed on behalf of the user. Users are advised to upgrade to either version 3.1.48 or to 4.3.1 to resolve this issue. There are no known workarounds for this vulnerability.
Smarty is a template engine for PHP. In affected versions smarty did n ...
smarty Cross-site Scripting vulnerability in Javascript escaping
7.1 High
CVSS3