CVE-2018-25047
Published: 15 September 2022
In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS. A web page that uses smarty_function_mailto, and that could be parameterized using GET or POST input parameters, could allow injection of JavaScript code by a user.
Priority
Status
Package | Release | Status |
---|---|---|
smarty3 Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
focal |
Needs triage
|
|
jammy |
Needs triage
|
|
kinetic |
Needs triage
|
|
lunar |
Needs triage
|
|
trusty |
Ignored
(out of standard support)
|
|
upstream |
Needs triage
|
|
xenial |
Needs triage
|
|
smarty4 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Needs triage
|
|
lunar |
Needs triage
|
|
trusty |
Ignored
(out of standard support)
|
|
upstream |
Needs triage
|
|
xenial |
Ignored
(out of standard support)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.4 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | Low |
User interaction | Required |
Scope | Changed |
Confidentiality | Low |
Integrity impact | Low |
Availability impact | None |
Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25047
- https://github.com/smarty-php/smarty/issues/454
- https://github.com/smarty-php/smarty/commit/f1f7ee6e34c14a8a9dfa5c6ef894d39277a93938 (v3.1.47)
- https://github.com/smarty-php/smarty/commit/55ea25d1f50f0406fb1ccedd212c527977793fc9 (v4.2.1)
- https://github.com/smarty-php/smarty/releases/tag/v4.2.1
- https://github.com/smarty-php/smarty/releases/tag/v3.1.47
- https://bugs.gentoo.org/870100
- NVD
- Launchpad
- Debian