Laravel Cross-site Scripting (XSS) vulnerability in blade templating · GHSA-vr95-p7q6-8m9q · GitHub Advisory Database · GitHub

Laravel Cross-site Scripting (XSS) vulnerability in blade templating

Moderate severity GitHub Reviewed Published May 15, 2024 to the GitHub Advisory Database • Updated May 15, 2024

Package

laravel/framework (Composer)

Affected versions

>= 7.0.0, < 7.1.2

Patched versions

7.1.2

Description

Laravel 7.1.2 addresses a possible XSS related attack vector in the Laravel 7.x Blade Component tag attributes when users are allowed to dictate the value of attributes. All Laravel 7.x users are encouraged to upgrade as soon as possible.

References

Published to the GitHub Advisory Database May 15, 2024

Reviewed May 15, 2024

Last updated May 15, 2024

Severity

Moderate

4.3

/ 10

CVSS base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

None

User interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N