smarty/smarty is vulnerable to Cross-Site Scripting (XSS). The library does not properly escape the special characters before it output to the front end, allowing an attacker to inject and execute malicious JavaScript in the victim’s browser.
github.com/smarty-php/smarty/commit/685662466f653597428966d75a661073104d713d
github.com/smarty-php/smarty/commit/e09df8d851eb3ef139ced41afa5e73480f3cd5e8
github.com/smarty-php/smarty/security/advisories/GHSA-7j98-h7fp-4vwj
lists.fedoraproject.org/archives/list/[email protected]/message/HSAUM3YHWHO4UCJXRGRLQGPJAO3MFOZZ/
lists.fedoraproject.org/archives/list/[email protected]/message/JBB35GLYTL6JL6EOM6BOZNYP47JKNNHT/
lists.fedoraproject.org/archives/list/[email protected]/message/P7O7SKTATM6GAP45S64QFXNLWIY5I7HP/