0.007 Low
EPSS
Percentile
79.6%
The package laminas-api-tools/api-tools bundles a number of javascript assets for purposes of providing an adminstration GUI and/or landing page. Some of these assets had reported XSS (cross-site scripting) vulnerabilities:
The bundled assets were updated to known-good versions.
The patch resolving the vulnerability is available in laminas-api-tools/api-tools 1.4.1.
We highly recommend all users of the package to update immediately.
CPE | Name | Operator | Version |
---|---|---|---|
laminas-api-tools/api-tools | lt | 1.4.1 |
0.007 Low
EPSS
Percentile
79.6%