Cross-site Scripting (XSS)

spatie/browsershot is vulnerable to cross-site scripting. The vulnerability exists due to the lack of file:// validation in the html content of Browsershot.php which allows a remote attacker to inject and execute malicious JavaScript into the system...

Cross-site Scripting (XSS)

spatie/browsershot is vulnerable to cross site scripting. The vulnerable exists in the setUrl function in Browsershot.php which allows an external attacker to remotely obtain arbitrary local files, because the application does not validate the passed URL protocol...