CVE-2018-25047

CVE-2018-25047 PUBLISHED

In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS. A web page that uses smarty_function_mailto, and that could be parameterized using GET or POST input parameters, could allow injection of JavaScript code by a user.

EPSS 0.63% · 70.7th percentile

Affected Products

| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:16.04:LTS | smarty3 | 3.1.21-1ubuntu1, 3.1.21-1, 0 |
| Ubuntu:Pro:18.04:LTS | smarty3 | 0, 3.1.31+20161214.1.c7d42e4+selfpack1-3, 3.1.31+20161214.1.c7d42e4+selfpack1-3ubuntu0.1 |
| Ubuntu:20.04:LTS | smarty3 | 0, 3.1.33+20180830.1.3a78a21f+selfpack1-1, * |
| Ubuntu:25.10 | smarty3 | 0, 3.1.48-2 |
| Ubuntu:22.04:LTS | smarty3 | 3.1.39-2, 0, 3.1.39-2ubuntu1 |
| Ubuntu:24.04:LTS | smarty3 | 0, 3.1.48-1 |

Timeline

  • Sep 14, 2022 CVE Published
  • Sep 15, 2022 EPSS Score
  • Oct 30, 2022 EPSS Score
  • Dec 14, 2022 EPSS Score
  • Jan 28, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 28, 2023 EPSS Score
  • Jun 12, 2023 EPSS Score
  • Jul 27, 2023 EPSS Score
  • Sep 10, 2023 EPSS Score
  • Oct 25, 2023 EPSS Score
  • Dec 9, 2023 EPSS Score