CVE-2012-4277

Smarty < 3.1.7 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the smarty_function_html_options_optoutput function in distribution/libs/plugins/function.html_options.php in Smarty before 3.1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References (5)

[Exploit] http://code.google.com/p/smarty-php/issues/detail?id=98&can=1

[Patch] http://code.google.com/p/smarty-php/source/detail?r=4612

[Vendor Advisory] http://secunia.com/advisories/49164

[Various Sources] http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1027061

Scores

EPSS 0.0033

EPSS Percentile 55.5%

Classification

CWE

CWE-79

Status published

Affected Products (50)

smarty/smarty

smarty/smarty < 3.1.7

smarty/smarty

smarty/smarty

smarty/smarty

smarty/smarty

smarty/smarty

smarty/smarty

smarty/smarty

smarty/smarty

smarty/smarty

smarty/smarty

smarty/smarty

smarty/smarty

smarty/smarty

... and 35 more

Timeline

Published Aug 13, 2012

Tracked Since Feb 18, 2026