21 matches found
GHSA-527Q-4WQV-G9WJ bagisto has Server Side Template Injection (SSTI) in Product Description
Summary: Bagisto v2.3.7 is vulnerable to Server-Side Template Injection (SSTI) due to unsanitized user input being processed by the server-side templating engine when rendering product descriptions. This allows an attacker with product creation privileges to inject arbitrary template expressions tha...
EUVD-2021-2455
Malware in sbrugna...
CVE-2021-43808
Laravel is a web application framework. Laravel prior to versions 8.75.0, 7.30.6, and 6.20.42 contain a possible cross-site scripting (XSS) vulnerability in the Blade templating engine. A broken HTML element may be clicked and the user taken to another location in their browser due to XSS. This is...
Cross-Site Scripting (XSS)
illuminate/view is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to inadequate input sanitization within Blade templating, allowing attackers to inject malicious scripts into rendered views...
Laravel Cross-site Scripting (XSS) vulnerability in blade templating
Laravel 7.1.2 addresses a possible XSS related attack vector in the Laravel 7.x Blade Component tag attributes when users are allowed to dictate the value of attributes. All Laravel 7.x users are encouraged to upgrade as soon as possible...
GHSA-297G-XG4H-7W4C Laravel Cross-site Scripting vulnerability in blade templating
Laravel is prone to a Cross-site Scripting vulnerability in blade templating...
Laravel Cross-site Scripting vulnerability in blade templating
Laravel is prone to a Cross-site Scripting vulnerability in blade templating...
PT-2024-40017 · Laravel · Laravel
Name of the Vulnerable Software and Affected Versions: Laravel affected versions not specified Description: The issue is related to a Cross-site Scripting vulnerability in the blade templating of Laravel. Recommendations: At the moment, there is no information about a newer version that contains ...
GHSA-66HF-2P6W-JQFW Laravel Framework XSS in Blade templating engine
A security researcher has disclosed a possible XSS vulnerability in the Blade templating engine. Given the following two Blade templates: resources/views/parent.blade.php: `@section('content') @show` resources/views/child.blade.php: `@extends('parent') @section('content') @endsection` And a route...
Laravel Framework XSS in Blade templating engine
A security researcher has disclosed a possible XSS vulnerability in the Blade templating engine. Given the following two Blade templates: resources/views/parent.blade.php: `@section('content') @show` resources/views/child.blade.php: `@extends('parent') @section('content') @endsection` And a route...
DEBIAN-CVE-2021-43808
Laravel is a web application framework. Laravel prior to versions 8.75.0, 7.30.6, and 6.20.42 contain a possible cross-site scripting (XSS) vulnerability in the Blade templating engine. A broken HTML element may be clicked and the user taken to another location in their browser due to XSS. This is...
CVE-2021-43808
Laravel is a web application framework. Laravel prior to versions 8.75.0, 7.30.6, and 6.20.42 contain a possible cross-site scripting (XSS) vulnerability in the Blade templating engine. A broken HTML element may be clicked and the user taken to another location in their browser due to XSS. This is...
CVE-2021-43808
Laravel is a web application framework. Laravel prior to versions 8.75.0, 7.30.6, and 6.20.42 contain a possible cross-site scripting (XSS) vulnerability in the Blade templating engine. A broken HTML element may be clicked and the user taken to another location in their browser due to XSS. This is...
Cross site scripting
Laravel is a web application framework. Laravel prior to versions 8.75.0, 7.30.6, and 6.20.42 contain a possible cross-site scripting (XSS) vulnerability in the Blade templating engine. A broken HTML element may be clicked and the user taken to another location in their browser due to XSS. This is...
CVE-2021-43808 Blade `@parent` Exploitation Leading To Possible XSS in Laravel
Laravel is a web application framework. Laravel prior to versions 8.75.0, 7.30.6, and 6.20.42 contain a possible cross-site scripting (XSS) vulnerability in the Blade templating engine. A broken HTML element may be clicked and the user taken to another location in their browser due to XSS. This is...
CVE-2021-43808
Laravel is a web application framework. Laravel prior to versions 8.75.0, 7.30.6, and 6.20.42 contain a possible cross-site scripting (XSS) vulnerability in the Blade templating engine. A broken HTML element may be clicked and the user taken to another location in their browser due to XSS. This is...
PT-2021-23949 · Laravel · Laravel
Name of the Vulnerable Software and Affected Versions: Laravel versions prior to 8.75.0, 7.30.6, and 6.20.42 Description: The issue is related to a possible cross-site scripting (XSS) vulnerability in the Blade templating engine. This vulnerability can be exposed if the parent template contains an...
XSS vulnerability in blade templating
More info at https://github.com/laravel/framework/pull/31945...
XSS vulnerability in blade templating
More info at https://github.com/laravel/framework/pull/31945...
Possible cross-site scripting (XSS) vulnerability in the Blade templating engine
A security researcher has disclosed a possible XSS vulnerability in the Blade templating engine. Given the following two Blade templates: resources/views/parent.blade.php: `@section('content') @show` resources/views/child.blade.php: `@extends('parent') @section('content') @endsection` And a route...