Lucene search
K

162 matches found

OSV
OSV
added 2024/03/19 6:30 a.m.17 views

GHSA-389C-CF87-QMWJ Cross-site Scripting in livewire/livewire

Versions of the package livewire/livewire from 3.3.5 and before 3.4.9 are vulnerable to Cross-site Scripting XSS when a page uses Url for a property. An attacker can inject HTML code in the context of the user's browser session by crafting a malicious link and convincing the user to click on it...

6.1CVSS5.9AI score0.00516EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2024/03/19 6:30 a.m.52 views

Cross-site Scripting in livewire/livewire

Versions of the package livewire/livewire from 3.3.5 and before 3.4.9 are vulnerable to Cross-site Scripting XSS when a page uses Url for a property. An attacker can inject HTML code in the context of the user's browser session by crafting a malicious link and convincing the user to click on it...

6.1CVSS6.2AI score0.00516EPSS
Exploits1References6Affected Software1
Vulnrichment
Vulnrichment
added 2024/03/19 5:0 a.m.19 views

CVE-2024-21504

Versions of the package livewire/livewire from 3.3.5 and before 3.4.9 are vulnerable to Cross-site Scripting XSS when a page uses Url for a property. An attacker can inject HTML code in the context of the user's browser session by crafting a malicious link and convincing the user to click on it...

6.1CVSS6AI score0.00516EPSS
Exploits1References4
OSV
OSV
added 2024/03/19 5:0 a.m.15 views

CVE-2024-21504

Versions of the package livewire/livewire from 3.3.5 and before 3.4.9 are vulnerable to Cross-site Scripting XSS when a page uses Url for a property. An attacker can inject HTML code in the context of the user's browser session by crafting a malicious link and convincing the user to click on it...

6.1CVSS6.2AI score0.00516EPSS
Exploits1References6
CVE
CVE
added 2024/03/19 5:0 a.m.76 views

CVE-2024-21504

CVE-2024-21504 affects livewire/livewire up to 3.4.9. The vulnerability is a Cross-site Scripting (XSS) flaw when a page uses [Url] for a property, allowing an attacker to inject HTML in a user’s browser via a crafted link. Remediation: upgrade to 3.4.9 or later (Livewire release notes and adviso...

6.1CVSS5.9AI score0.00516EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2024/03/19 5:0 a.m.26 views

CVE-2024-21504

Versions of the package livewire/livewire from 3.3.5 and before 3.4.9 are vulnerable to Cross-site Scripting XSS when a page uses Url for a property. An attacker can inject HTML code in the context of the user's browser session by crafting a malicious link and convincing the user to click on it...

6.1CVSS6.1AI score0.00516EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/03/19 12:0 a.m.7 views

livewire security breach

Livewire is a full-stack framework for Laravel that allows you to build dynamic UI components without leaving PHP. A security vulnerability exists in livewire version 3.3.5 and versions prior to 3.4.9 that stems from vulnerability to cross-site scripting XSS attacks, which allows an attacker to...

6.1CVSS5.8AI score0.00516EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2024/03/18 12:0 a.m.9 views

PT-2024-18919 · Unknown · Livewire/Livewire

Name of the Vulnerable Software and Affected Versions: livewire/livewire versions 3.3.5 through 3.4.9 Description: The issue allows an attacker to inject HTML code in the context of the user's browser session by crafting a malicious link and convincing the user to click on it. This occurs when a...

6.1CVSS6.8AI score0.00516EPSS
Exploits1References10
Snyk
Snyk
added 2024/03/14 1:3 p.m.7 views

Cross-site Scripting (XSS)

Overview livewire/livewire is an A front-end framework for Laravel. Affected versions of this package are vulnerable to Cross-site Scripting XSS when a page uses Url for a property. An attacker can inject HTML code in the context of the user's browser session by crafting a malicious link and...

6.1CVSS7AI score0.00516EPSS
Exploits1References2
Veracode
Veracode
added 2024/02/02 8:34 a.m.18 views

Cross-Site Request Forgery (CSRF)

livewire is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is caused due to tokens persisting across sessions due to insecure caching within the getCsrfToken function. This allows an attacker to execute arbitrary requests on the server...

8.8CVSS7.4AI score0.00457EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/02/01 9:30 a.m.41 views

GHSA-2CJH-75GP-34GC livewire Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery CSRF vulnerability in livewire before v3.0.4, allows remote attackers to execute arbitrary code getCsrfToken function...

8.8CVSS9.1AI score0.00457EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/02/01 9:30 a.m.17 views

livewire Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery CSRF vulnerability in livewire before v3.0.4, allows remote attackers to execute arbitrary code getCsrfToken function...

8.8CVSS8.4AI score0.00457EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2024/02/01 7:15 a.m.27 views

CVE-2024-22859

Cross-Site Request Forgery CSRF vulnerability in livewire before v3.0.4, allows remote attackers to execute arbitrary code getCsrfToken function. NOTE: the vendor disputes this because the 5d88731 commit fixes a usability problem HTTP 419 status codes for legitimate client activity, not a securit...

8.8CVSS9.1AI score0.00457EPSS
Exploits0References2
Prion
Prion
added 2024/02/01 7:15 a.m.23 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in livewire before v3.0.4, allows remote attackers to execute arbitrary code getCsrfToken function. NOTE: the vendor disputes this because the 5d88731 commit fixes a usability problem HTTP 419 status codes for legitimate client activity, not a securit...

6.8CVSS9.2AI score0.00457EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2024/02/01 12:0 a.m.6 views

Livewire Cross-Site Request Forgery Vulnerability

Livewire is a full-stack framework for Laravel that allows you to build dynamic UI components without leaving PHP. A cross-site request forgery vulnerability exists in Livewire versions prior to v3.0.4, which originates from a vulnerability that allows remote attackers to execute arbitrary code v...

8.8CVSS7.7AI score0.00457EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/02/01 12:0 a.m.7 views

CVE-2024-22859

Cross-Site Request Forgery CSRF vulnerability in livewire before v3.0.4, allows remote attackers to execute arbitrary code getCsrfToken function. NOTE: the vendor disputes this because the 5d88731 commit fixes a usability problem HTTP 419 status codes for legitimate client activity, not a securit...

8.5AI score0.00457EPSS
Exploits0References2
CVE
CVE
added 2024/02/01 12:0 a.m.90 views

CVE-2024-22859

CVE-2024-22859 describes a CSRF vulnerability in Livewire prior to 3.0.4 that can allow remote attackers to cause arbitrary code execution via the getCsrfToken function. The issue is supported by multiple sources, including Red Hat, Veracode, OSV, CNNVD, CVE lists, and advisory aggregations, all ...

8.8CVSS9.2AI score0.00457EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/02/01 12:0 a.m.10 views

PT-2024-19589 · Livewire · Livewire

Name of the Vulnerable Software and Affected Versions: livewire versions prior to 3.0.4 Description: A Cross-Site Request Forgery CSRF issue allows remote attackers to execute arbitrary code via the getCsrfToken function. The vendor disputes this, stating that the 5d88731 commit fixes a usability...

8.8CVSS8.7AI score0.00457EPSS
Exploits0References12
OSV
OSV
added 2024/02/01 12:0 a.m.22 views

CVE-2024-22859

Cross-Site Request Forgery CSRF vulnerability in livewire before v3.0.4, allows remote attackers to execute arbitrary code getCsrfToken function. NOTE: the vendor disputes this because the 5d88731 commit fixes a usability problem HTTP 419 status codes for legitimate client activity, not a securit...

8.8CVSS9.2AI score0.00457EPSS
Exploits0References4
Friends Of PHP
Friends Of PHP
added 2020/09/22 7:30 p.m.19 views

$this->validate() returns all properties, not just validated ones

IMPORTANT BUGFIX $this-validate usually only returns the validated dataset, however a regression was introduced, that caused it to return ALL data on the Livewire component. 1659...

2AI score
Exploits0Affected Software1
Rows per page
Query Builder