Lucene search

K
githubGitHub Advisory DatabaseGHSA-VR95-P7Q6-8M9Q
HistoryMay 15, 2024 - 10:16 p.m.

Laravel Cross-site Scripting (XSS) vulnerability in blade templating

2024-05-1522:16:06
CWE-79
GitHub Advisory Database
github.com
6
laravel
xss vulnerability
blade templating
upgrade

6.1 Medium

AI Score

Confidence

High

Laravel 7.1.2 addresses a possible XSS related attack vector in the Laravel 7.x Blade Component tag attributes when users are allowed to dictate the value of attributes. All Laravel 7.x users are encouraged to upgrade as soon as possible.

Affected configurations

Vulners
Node
laravelframeworkRange<7.1.2
CPENameOperatorVersion
laravel/frameworklt7.1.2

6.1 Medium

AI Score

Confidence

High