Search for vulnerabilities
| Vulnerability ID | VCID-3nky-rj9a-dyb7 |
| Aliases |
CVE-2012-4437
GHSA-9gqj-ppv2-f2hq |
| Summary | Cross-site scripting (XSS) vulnerability in the SmartyException class in Smarty (aka smarty-php) before 3.1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger a Smarty exception. |
| Status | Published |
| Exploitability | 0.5 |
| Weighted Severity | 6.2 |
| Risk | 3.1 |
| Affected and Fixed Packages | Package Details |
| System | Score | Found at |
|---|---|---|
| epss | 0.0057 | https://api.first.org/data/v1/epss?cve=CVE-2012-4437 |
| epss | 0.0057 | https://api.first.org/data/v1/epss?cve=CVE-2012-4437 |
| epss | 0.0057 | https://api.first.org/data/v1/epss?cve=CVE-2012-4437 |
| generic_textual | MODERATE | https://code.google.com/p/smarty-php/source/browse/trunk/distribution/change_log.txt |
| generic_textual | MODERATE | https://code.google.com/p/smarty-php/source/detail?r=4658 |
| generic_textual | MODERATE | https://github.com/smarty-php/smarty |
| generic_textual | MODERATE | https://lists.fedoraproject.org/pipermail/package-announce/2012-September/088138.html |
| generic_textual | MODERATE | https://nvd.nist.gov/vuln/detail/CVE-2012-4437 |
| generic_textual | MODERATE | https://web.archive.org/web/20140201075419/http://www.securityfocus.com/bid/55506 |
| generic_textual | MODERATE | https://www.openwall.com/lists/oss-security/2012/09/19/1 |
| generic_textual | MODERATE | https://www.openwall.com/lists/oss-security/2012/09/20/3 |
| Percentile | 0.68953 |
| EPSS Score | 0.0057 |
| Published At | June 4, 2026, 12:55 p.m. |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2026-06-04T17:11:02.892829+00:00 | Debian Importer | Import | https://security-tracker.debian.org/tracker/data/json | 38.6.0 |