
CVE-2023-28447 PoC — Cross site scripting vulnerability in Javascript escaping in smarty/smarty

Associated Vulnerability
Title: Cross site scripting vulnerability in Javascript escaping in smarty/smarty (CVE-2023-28447)
Description: Smarty is a template engine for PHP. In affected versions Smarty did not properly escape JavaScript code. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data, manipulation of the web application's behavior, or unauthorized actions performed on behalf of the user. Users are advised to upgrade to either version 3.1.48 or to 4.3.1 to resolve this issue. There are no known workarounds for this vulnerability.
Description
Module for PrestaShop 1.7.X to fix CVE-2023-28447 vulnerability (Smarty XSS)
Readme
# LabelGrup Networks, official PrestaShop Partner

![LabelGrup Logo](logo.png)

Module for PrestaShop 1.7.X to fix CVE-2023-28447 vulnerability (Smarty JavaScript XSS)

For further information, check the following links: 
- CVE: https://nvd.nist.gov/vuln/detail/CVE-2023-28447
- GitHub: https://github.com/smarty-php/smarty/security/advisories/GHSA-7j98-h7fp-4vwj

**Instructions:**

 1. Download the latest release from this repository.
 2. Install the downloaded ZIP as a normal addon; this will replace or copy the needed files into your current PrestaShop.
 3. Be aware: if you remove the addon, your PrestaShop will be reverted to its original state, exposing the vulnerability again.

Visit our website:
https://www.labelgrup.com
File Snapshot

[4.0K] /data/pocs/fb529da0aee138b3e8ee11afc0b9b0dfae9299a9
├── [4.0K] backup
│   └── [ 533] index.php
├── [ 533] index.php
├── [5.9K] lblfixer_cve_2023_28447.php
├── [ 14K] logo.png
├── [4.0K] patches
│   ├── [ 533] index.php
│   ├── [ 378] modifiercompiler.escape.php.patch
│   └── [ 69] modifier.escape.php.patch
└── [ 731] README.md

2 directories, 8 files