CVE-2023-28447 : Smarty is a template engine for PHP. In affected versions smarty did not properl

Smarty is a template engine for PHP. In affected versions smarty did not properly escape javascript code. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data, manipulation of the web application's behavior, or unauthorized actions performed on behalf of the user. Users are advised to upgrade to either version 3.1.48 or to 4.3.1 to resolve this issue. There are no known workarounds for this vulnerability.

Published 2023-03-28 21:15:11

Updated 2024-02-01 15:19:19

Source GitHub, Inc.

View at NVD, CVE.org

Vulnerability category: Cross site scripting (XSS)Bypass

Products affected by CVE-2023-28447

Smarty » Smarty
Versions from including (>=) 4.0.0 and before (<) 4.3.1
cpe:2.3:a:smarty:smarty:*:*:*:*:*:*:*:*
Matching versions
Smarty » Smarty
Versions before (<) 3.1.48
cpe:2.3:a:smarty:smarty:*:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 36
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 37
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 38
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-28447

EPSS FAQ

0.41%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 60 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-28447

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.1	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	2.8	2.7	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Changed Confidentiality: Low Integrity: Low Availability: None
7.1	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L	2.8	3.7	GitHub, Inc.
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Changed Confidentiality: Low Integrity: Low Availability: Low

CWE ids for CVE-2023-28447

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Assigned by:
- nvd@nist.gov (Primary)
- security-advisories@github.com (Secondary)

References for CVE-2023-28447

https://github.com/smarty-php/smarty/security/advisories/GHSA-7j98-h7fp-4vwj

Cross site scripting vulnerability in Javascript escaping · Advisory · smarty-php/smarty · GitHub
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P7O7SKTATM6GAP45S64QFXNLWIY5I7HP/

[SECURITY] Fedora 38 Update: php-Smarty-3.1.48-1.fc38 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBB35GLYTL6JL6EOM6BOZNYP47JKNNHT/

[SECURITY] Fedora 36 Update: php-Smarty-3.1.48-1.fc36 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HSAUM3YHWHO4UCJXRGRLQGPJAO3MFOZZ/

[SECURITY] Fedora 37 Update: php-Smarty-3.1.48-1.fc37 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory
https://github.com/smarty-php/smarty/commit/685662466f653597428966d75a661073104d713d

Merge branch 'js_escape_security_fix' · smarty-php/smarty@6856624 · GitHub
Patch

Jump to

Vulnerability Details : CVE-2023-28447

Products affected by CVE-2023-28447

Exploit prediction scoring system (EPSS) score for CVE-2023-28447

CVSS scores for CVE-2023-28447

CWE ids for CVE-2023-28447

References for CVE-2023-28447