Source: National Vulnerability Database

In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS. A web page that uses smarty_function_mailto, and that could be parameterized using GET or POST input parameters, could allow injection of JavaScript code by a user.

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-25047

105 hits since 2022-09-15

PHP Vulns Source Ratio: 16% (7628 total, 617 propagated, 3814 filtered)