115 matches found
GHSA-HX4H-676R-J3QP layui vulnerable to cross-site scripting
A vulnerability, which was classified as problematic, was found in layui up to v2.8.0-rc.16. This affects an unknown part of the component HTML Attribute Handler. The manipulation of the argument title leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to...
asdlkj (=1.0.0), base-amap2 (>=0.0.0 <=3.0.0) +10 more potentially affected by CVE-2023-3691 via layui (>=0.0.1 <=2.7.6)
layui NPM version =0.0.1, =0.0.0, =0.1.1, =0.0.0, =1.0.2, =1.0.0, =0.0.8, =1.0.0-furuike-test, =3.1.76 - vporimprot =1.0.0 Source cves: CVE-2023-3691 Source advisory: OSV:GHSA-HX4H-676R-J3QP...
CVE-2023-3691
A vulnerability, which was classified as problematic, was found in layui up to v2.8.0-rc.16. This affects an unknown part of the component HTML Attribute Handler. The manipulation of the argument title leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to...
Cross site scripting
A vulnerability, which was classified as problematic, was found in layui up to v2.8.0-rc.16. This affects an unknown part of the component HTML Attribute Handler. The manipulation of the argument title leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to...
CVE-2023-3691 layui HTML Attribute cross site scripting
A vulnerability, which was classified as problematic, was found in layui up to v2.8.0-rc.16. This affects an unknown part of the component HTML Attribute Handler. The manipulation of the argument title leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to...
CVE-2023-3691
Layui up to v2.8.0-rc.16 contains a cross-site scripting vulnerability in the HTML Attribute Handler where manipulating the title argument enables XSS. The issue can be triggered remotely, and upgrading to version 2.8.0 addresses the vulnerability. Multiple connected sources (including Red Hat, C...
PT-2023-25738 · Layui · Layui
Name of the Vulnerable Software and Affected Versions: layui versions up to v2.8.0-rc.16 Description: A problematic issue was found in the HTML Attribute Handler component, where the manipulation of the title argument leads to cross-site scripting. This can be initiated remotely. Recommendations:...
Layui cross-site scripting vulnerability
Layui is an open source Web UI component library that follows the original development model. A cross-site scripting vulnerability exists in versions prior to layui v2.8.0-rc.16. The vulnerability stems from an unknown part of the component HTML Attribute Handler, which leads to cross-site...
FunAdmin code issue vulnerability
FunAdmin is an open source, lightweight, high-quality backend development system based on ThinkPHP6 + Layui. FunAdmin versions 3.3.2 and 3.3.3 have a security vulnerability that stems from allowing the installation of plug-ins through the upload of...
Funadmin SQL injection vulnerability
FunAdmin is an open source, lightweight, high-profile back-end development system based on ThinkPHP6 + Layui. Funadmin v3.2.0 has a security vulnerability: the selectFields parameter, via controllerauthAuth.php, was found to contain SQL...
FunAdmin SQL injection vulnerability
FunAdmin is an open source, lightweight, high-profile back-end development system based on ThinkPHP6+Layui. FunAdmin v3.2.0 has a security vulnerability that stems from SQL injection via the /databases/database/edit id parameter...
FunAdmin SQL injection vulnerability
FunAdmin is an open source, lightweight, high-profile back-end development system based on ThinkPHP6+Layui. FunAdmin version 3.2.0 has a security vulnerability: the id parameter of /databases/database/list was found to contain SQL injecti...
Funadmin security vulnerability
FunAdmin is an open source, lightweight, high-quality backend development system based on ThinkPHP6 + Layui. Funadmin v3.2.0 has a security vulnerability: the component controllerAddon.php was found to contain remote code execution...
MyuCMS suffers from an arbitrary file read vulnerability (CNVD-2021-49567)
The MyuCMS front end is built with the UIkit framework, the back end is built with the layui back-end framework, and the back end is developed with PHP+MYSQL. MyuCMS has an arbitrary file read vulnerability that can be exploited by attackers to obtain sensitive information...
File upload vulnerability exists in LaySNS (CNVD-2021-44004)
LaySNS is an integrated website system, developed on ThinkPHP5 and LayUI, that combines content publishing and community exchange. A file upload vulnerability exists in LaySNS, which can be exploited to obtain server control privileges...
TnCMS has a file upload vulnerability
TnCMS is a light content management system developed on ThinkPHP6+layUI. TnCMS suffers from a file upload vulnerability that can be exploited by attackers to gain control of the server...
Arbitrary file upload vulnerability in layui
layui is a front-end UI framework written using its own module specification, following the native HTML/CSS/JS style of writing and organization. An arbitrary file upload vulnerability exists in layui, which can be exploited by an attacker to gain control of the server...
File Upload Vulnerability in ZengCMS 1.0.0 Backend
ZengCMS is a backend management system based on the latest TP6.0.x framework and Layui 2.5.x. A file upload vulnerability exists in the ZengCMS 1.0.0 backend, which can be exploited by attackers to gain control of the server...