[HIGH] Cross site scripting vulnerability in Javascript escaping

PKSA-2q9d-8kh9-49wx CVE-2023-28447 GHSA-7j98-h7fp-4vwj

Affected version: <3.1.48|>=4.0.0,<4.1.1

Reported by:
GitHub, FriendsOfPHP/security-advisories

[MEDIUM] smarty_function_mailto - JavaScript injection in eval function

PKSA-pght-23ww-rrdy CVE-2018-25047 GHSA-hwq7-5vv9-c6cf

Affected version: <3.1.47|>=4.0.0,<4.2.1

Reported by:
GitHub, FriendsOfPHP/security-advisories

[HIGH] PHP Code Injection by malicious block or filename

PKSA-6y8p-nrf4-ysf5 CVE-2022-29221 GHSA-634x-pc3q-cf4c

Affected version: <3.1.45|>=4.0.0,<4.1.1

Reported by:
GitHub, FriendsOfPHP/security-advisories

[CRITICAL] Smarty PHP code injection

PKSA-m8bd-7wwg-qgrb CVE-2017-1000480 GHSA-9m49-vhwv-422g

Affected version: >=3,<3.1.32

Reported by:
GitHub

[HIGH] Access to restricted PHP code by dynamic static class access

PKSA-31hv-m6rg-8ryk CVE-2021-21408 GHSA-4h9c-v5vg-5m6m

Affected version: <3.1.43|>=4.0.0,<4.0.3

Reported by:
GitHub, FriendsOfPHP/security-advisories

[HIGH] Sandbox Escape by math function

PKSA-98zc-53yc-qt81 CVE-2021-29454 GHSA-29gp-2c3m-3j6m

Affected version: <3.1.42|>=4.0.0,<4.0.2

Reported by:
GitHub, FriendsOfPHP/security-advisories

[CRITICAL] Smarty_Internal_Runtime_TplFunction Sandbox Escape PHP Code Injection

PKSA-t4kv-1sv2-1mzx CVE-2021-26120 GHSA-3rpf-5rqv-689q

Affected version: <=3.1.38

Reported by:
GitHub, FriendsOfPHP/security-advisories

[HIGH] template_object Sandbox Escape PHP Code Injection

PKSA-wc9h-gs49-76tm CVE-2021-26119 GHSA-w5hr-jm4j-9jvq

Affected version: <=3.1.38

Reported by:
GitHub, FriendsOfPHP/security-advisories

[HIGH] Trusted-Directory Bypass via Path Traversal

PKSA-hgp5-21g7-7phg CVE-2018-13982 GHSA-7gfx-wxfh-7rvm

Affected version: <3.1.33

Reported by:
GitHub, FriendsOfPHP/security-advisories

[MEDIUM] Trusted-Directory Bypass via Path Traversal

PKSA-thph-wfk6-pp4j CVE-2018-16831 GHSA-65j5-vpm7-6xp4

Affected version: <3.1.33

Reported by:
GitHub, FriendsOfPHP/security-advisories