laracom is vulnerable to cross-site scripting (XSS) attacks. A remote attacker could trick a user into browsing to a URL which would trigger the XSS on the search form and steal the user’s cookie or capture keyboard strokes and eventually take over the user account.
CPE | Name | Operator | Version |
---|---|---|---|
jsdecena/laracom | le | 1.4.11 | |
jsdecena/laracom | le | 1.4.11 |