exceedone/exment and exceedone/laravel-admin are vulnerable to cross-site scripting. The vulnerability exists because the user inputs are not properly escaped in multiple functions which allows an attacker to inject and execute arbitrary java and SQL scripts.
exment.net/docs/#/release_note?id=v503-20220817
exment.net/docs/#/weakness/20220817
github.com/advisories/GHSA-j9wf-qqm9-mw2c
github.com/exceedone/exment/commit/f889357708c2465e3bfa17314a99305c3d8138b7
github.com/exceedone/exment/commit/fb30d698e4ce3d07e0ff4ab757a8593a68a590fc
github.com/exceedone/laravel-admin/commit/1ada873c79673d9259ac6cfa523cf312e82e5c8c
github.com/exceedone/laravel-admin/commit/c4dba330b95cf8e990994e669df6cbc79418798d
jvn.jp/en/jp/JVN46239102/index.html