Candidate: CVE-2012-4277
PublicDate: 2012-08-13 22:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4277
 http://www.securitytracker.com/id?1027061
 http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt
 http://secunia.com/advisories/49164
 http://code.google.com/p/smarty-php/source/detail?r=4612
 http://code.google.com/p/smarty-php/issues/detail?id=98&can=1
Description:
 Cross-site scripting (XSS) vulnerability in the
 smarty_function_html_options_optoutput function in
 distribution/libs/plugins/function.html_options.php in Smarty before 3.1.8
 allows remote attackers to inject arbitrary web script or HTML via
 unspecified vectors.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_smarty3:
upstream_smarty3: released (3.1.10-1)
hardy_smarty3: DNE
lucid_smarty3: DNE
natty_smarty3: ignored (reached end-of-life)
oneiric_smarty3: ignored (reached end-of-life)
precise_smarty3: ignored (reached end-of-life)
precise/esm_smarty3: DNE (precise was needs-triage)
quantal_smarty3: not-affected (3.1.10-1)
raring_smarty3: not-affected (3.1.10-1)
saucy_smarty3: not-affected (3.1.10-1)
trusty_smarty3: not-affected (3.1.10-1)
trusty/esm_smarty3: DNE (trusty was not-affected [3.1.10-1])
utopic_smarty3: not-affected (3.1.10-1)
vivid_smarty3: not-affected (3.1.10-1)
vivid/stable-phone-overlay_smarty3: DNE
vivid/ubuntu-core_smarty3: DNE
wily_smarty3: not-affected (3.1.10-1)
xenial_smarty3: not-affected (3.1.10-1)
yakkety_smarty3: not-affected (3.1.10-1)
zesty_smarty3: not-affected (3.1.10-1)
devel_smarty3: not-affected (3.1.10-1)