laravel/laravel is vulnerable to cross-site scripting. The vulnerability exists due to the lack of validation in image uploading, allowing an attacker to inject and execute malicious javascript.
github.com/laravel/framework/blob/2049de73aa099a113a287587df4cc522c90961f5/src/Illuminate/Validation/Concerns/ValidatesAttributes.php#L1130-L1132
github.com/laravel/framework/blob/2049de73aa099a113a287587df4cc522c90961f5/src/Illuminate/Validation/Concerns/ValidatesAttributes.php#L1331-L1333
github.com/laravel/framework/commit/2049de73aa099a113a287587df4cc522c90961f5
github.com/laravel/framework/pull/38210
hosein-vita.medium.com/laravel-8-x-image-upload-bypass-zero-day-852bd806019b
salsa.debian.org/php-team/php/-/blob/dc253886b5b2e9bc8d9e36db787abb083a667fd8/debian/php-cgi.conf#L5-6
salsa.debian.org/php-team/php/-/commit/dc253886b5b2e9bc8d9e36db787abb083a667fd8