
CVE-2023-28447

Published: 28/03/2023 Updated: 01/02/2024
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

Smarty is a template engine for PHP. In affected versions, Smarty did not properly escape JavaScript code. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data, manipulation of the web application's behavior, or unauthorized actions performed on behalf of the user. Users are advised to upgrade to either version 3.1.48 or 4.3.1 to resolve this issue. There are no known workarounds for this vulnerability.

Vulnerable Product

smarty smarty

fedoraproject fedora 36

fedoraproject fedora 37

fedoraproject fedora 38

Vendor Advisories

Debian Bug report logs - #1033964 smarty3: CVE-2023-28447: Cross site scripting vulnerability in Javascript escaping Package: src:smarty3; Maintainer for src:smarty3 is Mike Gabriel <sunweaver@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Wed, 5 Apr 2023 05:57:02 UTC Severity: important Ta ...

Github Repositories

Module for PrestaShop 1.7.X to fix CVE-2023-28447 vulnerability (Smarty XSS)

LabelGrup Networks, official PrestaShop Partner. Module for PrestaShop 1.7.X to fix CVE-2023-28447 vulnerability (Smarty JavaScript XSS). For further information, check the following links: CVE: nvd.nist.gov/vuln/detail/CVE-2023-28447 GitHub: github.com/smarty-php/smarty/security/advisories/GHSA-7j98-h7fp-4vwj Instructions: Download the latest release from thi