CVE-2023-28447

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-28447

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-28447.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-28447

Aliases

GHSA-7j98-h7fp-4vwj

Related

Published

2023-03-28T21:15:11Z

Modified

2024-09-11T04:57:53.935605Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Smarty is a template engine for PHP. In affected versions smarty did not properly escape javascript code. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data, manipulation of the web application's behavior, or unauthorized actions performed on behalf of the user. Users are advised to upgrade to either version 3.1.48 or to 4.3.1 to resolve this issue. There are no known workarounds for this vulnerability.

References

Affected packages

Debian:11 / smarty3

Package

Name: smarty3
Purl: pkg:deb/debian/smarty3?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.1.39-1

3.1.39-2

3.1.39-2+deb11u1

3.1.45-1

3.1.47-1

3.1.47-2

3.1.48-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / smarty3

Package

Name: smarty3
Purl: pkg:deb/debian/smarty3?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.1.47-2

3.1.48-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / smarty4

Package

Name: smarty4
Purl: pkg:deb/debian/smarty4?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.3.0-1+deb12u1

Affected versions

4.*

4.3.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/smarty-php/smarty

Affected ranges

Type: GIT
Repo: https://github.com/smarty-php/smarty
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

685662466f653597428966d75a661073104d713d

Affected versions

v2.*

v2.6.24

v2.6.25

v2.6.26

v2.6.27

v2.6.28

v3.*

v3.1.11

v3.1.12

v3.1.13

v3.1.14

v3.1.15

v3.1.16

v3.1.17

v3.1.18

v3.1.19

v3.1.20

v3.1.21

v3.1.23

v3.1.24

v3.1.25

v3.1.26

v3.1.27

v3.1.28

v3.1.29

v3.1.30

v3.1.31

v3.1.32

v3.1.33

v3.1.34

v3.1.35

v3.1.36

v3.1.37

v3.1.37.1

v3.1.38

v3.1.39

v3.1.40

v4.*

v4.0.0

v4.0.0-rc.0

v4.0.1

v4.0.2

v4.0.3

v4.0.4

v4.1.0

v4.1.1

v4.2.0

v4.2.1

v4.3.0