laravel/framework is vulnerable to cross-site scripting (XSS). When the parent template contains an exploitable HTML structure, a remote attacker is able to inject arbitrary Javascript via guessing the parent placeholder SHA-1 hash by trying common names of sections.
github.com/laravel/framework/commit/b8174169b1807f36de1837751599e2828ceddb9b
github.com/laravel/framework/commit/ee08338d235396a9ef86bc9613a3754e939b1d17
github.com/laravel/framework/pull/39906
github.com/laravel/framework/pull/39908
github.com/laravel/framework/pull/39909
github.com/laravel/framework/releases/tag/v6.20.42
github.com/laravel/framework/releases/tag/v7.30.6
github.com/laravel/framework/releases/tag/v8.75.0
github.com/laravel/framework/security/advisories/GHSA-66hf-2p6w-jqfw