Search CVE reports



1 – 5 of 5 results


CVE-2023-28447

High priority

Some fixes available 8 of 27

Smarty is a template engine for PHP. In affected versions, Smarty did not properly escape JavaScript code. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser...

4 affected packages

civicrm, postfixadmin, smarty3, smarty4

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| civicrm | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| postfixadmin | Vulnerable | Fixed | Fixed | Fixed | Not affected |
| smarty3 | Fixed | Fixed | Fixed | Fixed | Needs evaluation |
| smarty4 | Needs evaluation | Not in release | Not in release | Not in release | Ignored |

CVE-2022-31129

Medium priority

Some fixes available 4 of 92

moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment...

11 affected packages

gnucash, mediawiki, node-moment, ntopng, odoo...

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gnucash | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| mediawiki | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
| node-moment | Not affected | Fixed | Fixed | Fixed | Needs evaluation |
| ntopng | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| odoo | Needs evaluation | Needs evaluation | Not in release | Not in release | Not in release |
| omnidb | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Not in release |
| postfixadmin | Vulnerable | Fixed | Not affected | Not affected | Not affected |
| ruby-momentjs-rails | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Not in release |
| sabnzbdplus | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| syncthing | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
| wordpress | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2022-29221

Medium priority

Some fixes available 9 of 32

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject PHP code by choosing a malicious {block} name or...

6 affected packages

collabtive, galette, gosa, postfixadmin, smarty3, smarty4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
collabtive Needs evaluation
galette Needs evaluation
gosa Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
postfixadmin Not affected Fixed Fixed Fixed Not affected
smarty3 Fixed Fixed Needs evaluation Needs evaluation Needs evaluation
smarty4 Needs evaluation

CVE-2017-5930

Medium priority
Ignored

The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check.

1 affected package

postfixadmin

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
postfixadmin Not affected Not affected

CVE-2014-2655

Medium priority
Fixed

SQL injection vulnerability in the gen_show_status function in functions.inc.php in Postfix Admin (aka postfixadmin) before 2.3.7 allows remote authenticated users to execute arbitrary SQL commands via a new alias.

1 affected package

postfixadmin

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
postfixadmin