Laravel Cross-site Scripting (XSS) vulnerability in blade templating

2024-05-1522:16:06

CWE-79

GitHub Advisory Database

github.com

laravel

xss vulnerability

blade templating

upgrade

6.1 Medium

AI Score

Confidence

High

JSON

Laravel 7.1.2 addresses a possible XSS related attack vector in the Laravel 7.x Blade Component tag attributes when users are allowed to dictate the value of attributes. All Laravel 7.x users are encouraged to upgrade as soon as possible.

Affected configurations

Vulners

Node

laravelframeworkRange<7.1.2

CPENameOperatorVersion
laravel/frameworklt7.1.2

CPE	Name	Operator	Version
	laravel/framework	lt	7.1.2

References

blog.laravel.com/security-laravel-712-released

github.com/advisories/GHSA-vr95-p7q6-8m9q

github.com/FriendsOfPHP/security-advisories/blob/master/laravel/framework/2020-03-13-1.yaml

github.com/laravel/framework/pull/31945

github.com/laravel/framework/releases/tag/v7.1.2

6.1 Medium

AI Score

Confidence

High

JSON