smarty/smarty Security Advisories for v4.1.1 (2)
-
[HIGH] Smarty vulnerable to PHP Code Injection by malicious attribute in extends-tag
PKSA-5rsx-p2fk-h2gr CVE-2024-35226 GHSA-4rmg-292m-wg3w
Affected version: >=3.0.0,<4.5.3|>=5.0.0,<5.1.1
Reported by:
GitHub -
[MEDIUM] smarty_function_mailto - JavaScript injection in eval function
PKSA-pght-23ww-rrdy CVE-2018-25047 GHSA-hwq7-5vv9-c6cf
Affected version: <3.1.47|>=4.0.0,<4.2.1
Reported by:
GitHub, FriendsOfPHP/security-advisories