115 matches found
Layui has DOM Clobbering gadgets that leads to Cross-site Scripting
Summary: A DOM Clobbering vulnerability has been discovered in layui that can lead to Cross-site Scripting (XSS) on web pages where attacker-controlled HTML elements (e.g., img tags with unsanitized name attributes) are present. It's worth noting that we’ve identified similar issues in other popular...
asdlkj (=1.0.0), base-amap2 (>=0.0.0 <=3.0.0) +10 more potentially affected by CVE-2024-47075 via layui (>=0.0.1 <=2.7.6)
layui NPM version =0.0.1, =0.0.0, =0.1.1, =0.0.0, =1.0.2, =1.0.0, =0.0.8, =1.0.0-furuike-test, =3.1.76 - vporimprot =1.0.0 Source cves: CVE-2024-47075 Source advisory: OSV:GHSA-J827-6RGF-9629...
GHSA-J827-6RGF-9629 Layui has DOM Clobbering gadgets that leads to Cross-site Scripting
Summary: A DOM Clobbering vulnerability has been discovered in layui that can lead to Cross-site Scripting (XSS) on web pages where attacker-controlled HTML elements (e.g., img tags with unsanitized name attributes) are present. It's worth noting that we’ve identified similar issues in other popular...
CVE-2024-47075 DOM Clobbering gadgets found in layui that lead to Cross-site Scripting
LayUI is a native minimalist modular Web UI component library. Versions prior to 2.9.17 have a DOM Clobbering vulnerability that can lead to Cross-site Scripting (XSS) on web pages where attacker-controlled HTML elements (e.g., img tags with unsanitized name attributes) are present. Version 2.9.17...
CVE-2024-47075 DOM Clobbering gadgets found in layui that lead to Cross-site Scripting
LayUI is a native minimalist modular Web UI component library. Versions prior to 2.9.17 have a DOM Clobbering vulnerability that can lead to Cross-site Scripting (XSS) on web pages where attacker-controlled HTML elements (e.g., img tags with unsanitized name attributes) are present. Version 2.9.17...
CVE-2024-47075
CVE-2024-47075 concerns LayUI, a native minimalist Web UI library. The vulnerability is a DOM Clobbering flaw in versions prior to 2.9.17 that can lead to Cross-site Scripting (XSS) on pages containing attacker-controlled HTML elements (e.g., img tags with unsanitized name attributes). The issue ...
CVE-2024-47075 DOM Clobbering gadgets found in layui that lead to Cross-site Scripting
LayUI is a native minimalist modular Web UI component library. Versions prior to 2.9.17 have a DOM Clobbering vulnerability that can lead to Cross-site Scripting (XSS) on web pages where attacker-controlled HTML elements (e.g., img tags with unsanitized name attributes) are present. Version 2.9.17...
LayUI Security Vulnerability
Layui is an open-source set of Web UI components that follows the original development model. A security vulnerability exists in LayUI prior to version 2.9.17, which stems from pages containing unsanitized tags...
PT-2024-32392 · Layui · Layui
Name of the Vulnerable Software and Affected Versions: LayUI versions prior to 2.9.17. Description: The issue is related to a DOM Clobbering vulnerability that can lead to Cross-site Scripting (XSS) on web pages where attacker-controlled HTML elements, such as img tags with unsanitized name...
vaeThink Security Vulnerabilities
vaeThink is a software application. Based on ThinkPHP5 and Layui development, while keeping the core concepts of rapid development and the road to simplicity unchanged, it provides basic development and encapsulation of the functions necessary for general projects, helping users to quickly comple...
springboot-manager Security Vulnerability
springboot-manager is a backend management system based on SpringBoot + Thymeleaf + Layui + Apache Shiro + Redis + Mybatis Plus, by the Chinese individual developer liwenbin. A security vulnerability exists in springboot-manager v1.6, which originates from an easy cross-site scripting attack via...
GHSA-RCVR-8WHX-3M5P Layui cross-site scripting (XSS) vulnerability
layui up to v2.74 was discovered to contain a cross-site scripting (XSS) vulnerability via the data-content parameter...
Layui cross-site scripting (XSS) vulnerability
layui up to v2.74 was discovered to contain a cross-site scripting (XSS) vulnerability via the data-content parameter...
CVE-2023-50550
layui up to v2.74 was discovered to contain a cross-site scripting (XSS) vulnerability via the data-content parameter...
CVE-2023-50550
layui up to v2.74 was discovered to contain a cross-site scripting (XSS) vulnerability via the data-content parameter...
CVE-2023-50550
layui up to v2.74 was discovered to contain a cross-site scripting (XSS) vulnerability via the data-content parameter...
Cross site scripting
layui up to v2.74 was discovered to contain a cross-site scripting (XSS) vulnerability via the data-content parameter...
layui Cross-Site Scripting Vulnerability
Layui is an open-source Web UI component library that follows the original development model. A cross-site scripting vulnerability exists in versions prior to layui v2.74, which stems from the inclusion of cross-site scripting in the data-content parameter...
PT-2023-31585 · Layui · Layui
Name of the Vulnerable Software and Affected Versions: layui versions up to v2.74. Description: The issue is a cross-site scripting (XSS) vulnerability. It occurs via the data-content parameter. Recommendations: For versions up to v2.74, as a temporary workaround, consider restricting the use of the...
Gougucms Cross-Site Scripting Vulnerability
gougucms is a Chinese open-source, lightweight, general-purpose back-office management framework built on ThinkPHP6 + Layui + MySql. A cross-site scripting vulnerability exists in gougucms v4.08.18; the vulnerability stems from the application of the...