[HIGH] Cross site scripting vulnerability in Javascript escaping

PKSA-2q9d-8kh9-49wx CVE-2023-28447 GHSA-7j98-h7fp-4vwj

Affected version: <3.1.48|>=4.0.0,<4.1.1

Reported by:
GitHub, FriendsOfPHP/security-advisories

[MEDIUM] smarty_function_mailto - JavaScript injection in eval function

PKSA-pght-23ww-rrdy CVE-2018-25047 GHSA-hwq7-5vv9-c6cf

Affected version: <3.1.47|>=4.0.0,<4.2.1

Reported by:
GitHub, FriendsOfPHP/security-advisories

[HIGH] PHP Code Injection by malicious block or filename

PKSA-6y8p-nrf4-ysf5 CVE-2022-29221 GHSA-634x-pc3q-cf4c

Affected version: <3.1.45|>=4.0.0,<4.1.1

Reported by:
GitHub, FriendsOfPHP/security-advisories

[HIGH] Access to restricted PHP code by dynamic static class access

PKSA-31hv-m6rg-8ryk CVE-2021-21408 GHSA-4h9c-v5vg-5m6m

Affected version: <3.1.43|>=4.0.0,<4.0.3

Reported by:
GitHub, FriendsOfPHP/security-advisories

[HIGH] Sandbox Escape by math function

PKSA-98zc-53yc-qt81 CVE-2021-29454 GHSA-29gp-2c3m-3j6m

Affected version: <3.1.42|>=4.0.0,<4.0.2

Reported by:
GitHub, FriendsOfPHP/security-advisories