5 matches found
CVE-2024-21504
Versions of the package livewire/livewire from 3.3.5 and before 3.4.9 are vulnerable to Cross-site Scripting XSS when a page uses Url for a property. An attacker can inject HTML code in the context of the user's browser session by crafting a malicious link and convincing the user to click on it...
Cross-site Scripting in livewire/livewire
Versions of the package livewire/livewire from 3.3.5 and before 3.4.9 are vulnerable to Cross-site Scripting XSS when a page uses Url for a property. An attacker can inject HTML code in the context of the user's browser session by crafting a malicious link and convincing the user to click on it...
CVE-2024-21504
Versions of the package livewire/livewire from 3.3.5 and before 3.4.9 are vulnerable to Cross-site Scripting XSS when a page uses Url for a property. An attacker can inject HTML code in the context of the user's browser session by crafting a malicious link and convincing the user to click on it...
CVE-2024-21504
Versions of the package livewire/livewire from 3.3.5 and before 3.4.9 are vulnerable to Cross-site Scripting XSS when a page uses Url for a property. An attacker can inject HTML code in the context of the user's browser session by crafting a malicious link and convincing the user to click on it...
CVE-2024-21504
CVE-2024-21504 affects livewire/livewire up to 3.4.9. The vulnerability is a Cross-site Scripting (XSS) flaw when a page uses [Url] for a property, allowing an attacker to inject HTML in a user’s browser via a crafted link. Remediation: upgrade to 3.4.9 or later (Livewire release notes and adviso...