Veracode Vulnerability DatabaseVERACODE:36805Cross-Site Scripting (XSS)
0.001 Low
EPSS
Percentile
41.7%
exceedone/exment and exceedone/laravel-admin are vulnerable to cross-site scripting. The vulnerability exists because the user inputs are not properly escaped in multiple functions which allows an attacker to inject and execute arbitrary java and SQL scripts.
References
exment.net/docs/#/release_note?id=v503-20220817
exment.net/docs/#/weakness/20220817
github.com/advisories/GHSA-j9wf-qqm9-mw2c
github.com/exceedone/exment/commit/f889357708c2465e3bfa17314a99305c3d8138b7
github.com/exceedone/exment/commit/fb30d698e4ce3d07e0ff4ab757a8593a68a590fc
github.com/exceedone/laravel-admin/commit/1ada873c79673d9259ac6cfa523cf312e82e5c8c
github.com/exceedone/laravel-admin/commit/c4dba330b95cf8e990994e669df6cbc79418798d
jvn.jp/en/jp/JVN46239102/index.html
Related
