[MEDIUM] smarty_function_mailto - JavaScript injection in eval function

PKSA-pght-23ww-rrdy CVE-2018-25047 GHSA-hwq7-5vv9-c6cf

Affected package: smarty/smarty

Affected version: <3.1.47|>=4.0.0,<4.2.1

Reported by:
GitHub, FriendsOfPHP/security-advisories