- What: Smarty template engine has a cross-site scripting vulnerability
- Impact: Users of affected Ubuntu versions may be exposed to XSS attacks
USN-8272-1: Smarty vulnerability

Publication date: 19 May 2026

Overview

Smarty could be made to run malicious JavaScript in the user's browser if it received specially crafted input.

Releases

- 16.04 LTS

Packages

- smarty3 - The compiling PHP template engine

Details

Takuya Aramaki discovered that Smarty did not properly escape JavaScript code. An attacker could possibly use this issue to conduct a cross-site scripting attack.

Update instructions

In general, a standard system update will make all the necessary changes.

The problem can be corrected by updating your system to the following package versions:

- Ubuntu release 16.04 LTS (xenial), package version: smarty3 3.1.21-1ubuntu1+esm2 (Ubuntu Pro)

Fix available with Ubuntu Pro via ESM Apps. A community fix might become publicly available in the future.

References

- CVE-2023-28447

Related notices

- USN-8242-1
- USN-8242-2
- USN-7158-1
- USN-6550-1