smarty/smarty is vulnerable to cross-site scripting (XSS). The vulnerability exists because the smarty_function_mailto function in function.mailto.php does not properly escape GET and POST input parameters, allowing an attacker to inject and execute malicious JavaScript.
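A simplified illustration of the escaping gap described above, added here and not taken from Smarty's function.mailto.php or its fix commits: a mailto link builder without output encoding beside one that encodes for the URL and HTML contexts. The function names and sample inputs are hypothetical and constructed for this example.

```php
<?php
declare(strict_types=1);
// Added illustration, not Smarty's plugin code; function names are hypothetical.

// Unsafe pattern: caller-supplied values are concatenated into markup unchanged.
function mailto_unescaped(string $address, string $text, string $subject = ''): string
{
    $href = 'mailto:' . $address . ($subject !== '' ? '?subject=' . $subject : '');
    return '<a href="' . $href . '">' . $text . '</a>';
}

// HTML-escape for both element content and quoted attribute values.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: validate the address, then encode for each output context.
function mailto_escaped(string $address, string $text, string $subject = ''): string
{
    if (filter_var($address, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('not a valid e-mail address');
    }
    // URL context: percent-encode, keeping "@" readable.
    $href = 'mailto:' . str_replace('%40', '@', rawurlencode($address));
    if ($subject !== '') {
        $href .= '?' . http_build_query(['subject' => $subject], '', '&', PHP_QUERY_RFC3986);
    }
    // HTML context: escape the finished URL for the attribute, the text for the body.
    return '<a href="' . h($href) . '">' . h($text) . '</a>';
}

// Constructed inputs standing in for values read from $_GET or $_POST.
$address = 'support@example.com';
$text    = '<b>injected</b>';
$subject = 'hi" data-injected="1';

$unsafe = mailto_unescaped($address, $text, $subject);
$safe   = mailto_escaped($address, $text, $subject);

echo "unescaped: $unsafe\n";
echo "escaped:   $safe\n";

// Unescaped output lets input create a new attribute and a tag; escaped output does not.
var_dump(strpos($unsafe, ' data-injected="1"') !== false);
var_dump(strpos($safe, '<b>') === false && strpos($safe, 'data-injected="') === false);
```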
bugs.gentoo.org/870100
github.com/advisories/GHSA-hwq7-5vv9-c6cf
github.com/smarty-php/smarty/commit/55ea25d1f50f0406fb1ccedd212c527977793fc9
github.com/smarty-php/smarty/commit/f1f7ee6e34c14a8a9dfa5c6ef894d39277a93938
github.com/smarty-php/smarty/issues/454
github.com/smarty-php/smarty/releases/tag/v3.1.47
github.com/smarty-php/smarty/releases/tag/v4.2.1
lists.debian.org/debian-lts-announce/2023/01/msg00002.html
security.gentoo.org/glsa/202209-09