In Smarty prior to 3.1.47 and 4.x prior to 4.2.1, libs/plugins/function.mailto.php allows XSS. A web page that uses smarty_function_mailto, and that could be parameterized using GET or POST input parameters, could allow injection of JavaScript code by a user.
Vulnerable Product |
---|
smarty smarty |
debian debian linux 10.0 |