162 matches found
GHSA-389C-CF87-QMWJ Cross-site Scripting in livewire/livewire
Versions of the package livewire/livewire from 3.3.5 and before 3.4.9 are vulnerable to Cross-site Scripting XSS when a page uses Url for a property. An attacker can inject HTML code in the context of the user's browser session by crafting a malicious link and convincing the user to click on it...
Cross-site Scripting in livewire/livewire
Versions of the package livewire/livewire from 3.3.5 and before 3.4.9 are vulnerable to Cross-site Scripting XSS when a page uses Url for a property. An attacker can inject HTML code in the context of the user's browser session by crafting a malicious link and convincing the user to click on it...
CVE-2024-21504
Versions of the package livewire/livewire from 3.3.5 and before 3.4.9 are vulnerable to Cross-site Scripting XSS when a page uses Url for a property. An attacker can inject HTML code in the context of the user's browser session by crafting a malicious link and convincing the user to click on it...
CVE-2024-21504
Versions of the package livewire/livewire from 3.3.5 and before 3.4.9 are vulnerable to Cross-site Scripting XSS when a page uses Url for a property. An attacker can inject HTML code in the context of the user's browser session by crafting a malicious link and convincing the user to click on it...
CVE-2024-21504
CVE-2024-21504 affects livewire/livewire up to 3.4.9. The vulnerability is a Cross-site Scripting (XSS) flaw when a page uses [Url] for a property, allowing an attacker to inject HTML in a user’s browser via a crafted link. Remediation: upgrade to 3.4.9 or later (Livewire release notes and adviso...
CVE-2024-21504
Versions of the package livewire/livewire from 3.3.5 and before 3.4.9 are vulnerable to Cross-site Scripting XSS when a page uses Url for a property. An attacker can inject HTML code in the context of the user's browser session by crafting a malicious link and convincing the user to click on it...
livewire security breach
Livewire is a full-stack framework for Laravel that allows you to build dynamic UI components without leaving PHP. A security vulnerability exists in livewire version 3.3.5 and versions prior to 3.4.9 that stems from vulnerability to cross-site scripting XSS attacks, which allows an attacker to...
PT-2024-18919 · Unknown · Livewire/Livewire
Name of the Vulnerable Software and Affected Versions: livewire/livewire versions 3.3.5 through 3.4.9 Description: The issue allows an attacker to inject HTML code in the context of the user's browser session by crafting a malicious link and convincing the user to click on it. This occurs when a...
Cross-site Scripting (XSS)
Overview livewire/livewire is an A front-end framework for Laravel. Affected versions of this package are vulnerable to Cross-site Scripting XSS when a page uses Url for a property. An attacker can inject HTML code in the context of the user's browser session by crafting a malicious link and...
Cross-Site Request Forgery (CSRF)
livewire is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is caused due to tokens persisting across sessions due to insecure caching within the getCsrfToken function. This allows an attacker to execute arbitrary requests on the server...
GHSA-2CJH-75GP-34GC livewire Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery CSRF vulnerability in livewire before v3.0.4, allows remote attackers to execute arbitrary code getCsrfToken function...
livewire Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery CSRF vulnerability in livewire before v3.0.4, allows remote attackers to execute arbitrary code getCsrfToken function...
CVE-2024-22859
Cross-Site Request Forgery CSRF vulnerability in livewire before v3.0.4, allows remote attackers to execute arbitrary code getCsrfToken function. NOTE: the vendor disputes this because the 5d88731 commit fixes a usability problem HTTP 419 status codes for legitimate client activity, not a securit...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in livewire before v3.0.4, allows remote attackers to execute arbitrary code getCsrfToken function. NOTE: the vendor disputes this because the 5d88731 commit fixes a usability problem HTTP 419 status codes for legitimate client activity, not a securit...
Livewire Cross-Site Request Forgery Vulnerability
Livewire is a full-stack framework for Laravel that allows you to build dynamic UI components without leaving PHP. A cross-site request forgery vulnerability exists in Livewire versions prior to v3.0.4, which originates from a vulnerability that allows remote attackers to execute arbitrary code v...
CVE-2024-22859
Cross-Site Request Forgery CSRF vulnerability in livewire before v3.0.4, allows remote attackers to execute arbitrary code getCsrfToken function. NOTE: the vendor disputes this because the 5d88731 commit fixes a usability problem HTTP 419 status codes for legitimate client activity, not a securit...
CVE-2024-22859
CVE-2024-22859 describes a CSRF vulnerability in Livewire prior to 3.0.4 that can allow remote attackers to cause arbitrary code execution via the getCsrfToken function. The issue is supported by multiple sources, including Red Hat, Veracode, OSV, CNNVD, CVE lists, and advisory aggregations, all ...
PT-2024-19589 · Livewire · Livewire
Name of the Vulnerable Software and Affected Versions: livewire versions prior to 3.0.4 Description: A Cross-Site Request Forgery CSRF issue allows remote attackers to execute arbitrary code via the getCsrfToken function. The vendor disputes this, stating that the 5d88731 commit fixes a usability...
CVE-2024-22859
Cross-Site Request Forgery CSRF vulnerability in livewire before v3.0.4, allows remote attackers to execute arbitrary code getCsrfToken function. NOTE: the vendor disputes this because the 5d88731 commit fixes a usability problem HTTP 419 status codes for legitimate client activity, not a securit...
$this->validate() returns all properties, not just validated ones
IMPORTANT BUGFIX $this-validate usually only returns the validated dataset, however a regression was introduced, that caused it to return ALL data on the Livewire component. 1659...