CVE-2024-47075

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-47075

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-47075.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-47075

Aliases

GHSA-j827-6rgf-9629

Published

2024-09-26T18:15:08Z

Modified

2024-10-08T04:23:18.897616Z

Summary

[none]

Details

LayUI is a native minimalist modular Web UI component library. Versions prior to 2.9.17 have a DOM Clobbering vulnerability that can lead to Cross-site Scripting (XSS) on web pages where attacker-controlled HTML elements (e.g., img tags with unsanitized name attributes) are present. Version 2.9.17 fixes this issue.

References

Affected packages

Git / github.com/layui/layui

Affected ranges

Type: GIT
Repo: https://github.com/layui/layui
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

f756b41d63bf3d488a2cb042918638c9851bf2b0

Affected versions

2.*

2.2.45

v1.*

v1.0.4

v1.0.6

v1.0.7

v1.0.8

v1.0.9

v1.0.9_rls

v2.*

v2.0.0

v2.0.1

v2.0.2

v2.1.0

v2.1.1

v2.1.2

v2.1.3

v2.1.4

v2.1.5

v2.1.6

v2.1.7

v2.2.0

v2.2.1

v2.2.2-rc1

v2.2.2-rls

v2.2.3

v2.2.4

v2.2.5

v2.2.6

v2.3.0

v2.4.0

v2.4.2

v2.4.3

v2.4.4

v2.4.5

v2.5.0

v2.5.1

v2.5.2

v2.5.3

v2.5.4

v2.5.5

v2.5.6

v2.5.7

v2.6.0

v2.6.10

v2.6.11

v2.6.12

v2.6.13

v2.6.2

v2.6.3

v2.6.3-2

v2.6.4

v2.6.5

v2.6.6

v2.6.7

v2.6.8

v2.6.9

v2.7.0

v2.7.1

v2.7.2

v2.7.3

v2.7.4

v2.7.5

v2.7.6

v2.8.0

v2.8.0-beta.1

v2.8.0-beta.2

v2.8.0-beta.3

v2.8.0-rc.1

v2.8.0-rc.10

v2.8.0-rc.11

v2.8.0-rc.12

v2.8.0-rc.13

v2.8.0-rc.14

v2.8.0-rc.15

v2.8.0-rc.16

v2.8.0-rc.2

v2.8.0-rc.3

v2.8.0-rc.4

v2.8.0-rc.5

v2.8.0-rc.6

v2.8.0-rc.7

v2.8.0-rc.8

v2.8.0-rc.9

v2.8.1

v2.8.10

v2.8.11

v2.8.12

v2.8.13

v2.8.14

v2.8.15

v2.8.16

v2.8.17

v2.8.18

v2.8.18-beta

v2.8.18-beta.1

v2.8.18-rc.1

v2.8.18-rc.2

v2.8.18-rc.3

v2.8.18-rc.4

v2.8.18-rc.5

v2.8.2

v2.8.3

v2.8.4

v2.8.5

v2.8.6

v2.8.7

v2.8.8

v2.8.9

v2.9.0

v2.9.0-beta.1

v2.9.0-rc.1

v2.9.0-rc.2

v2.9.1

v2.9.10

v2.9.11

v2.9.12

v2.9.13

v2.9.14

v2.9.15

v2.9.16

v2.9.2

v2.9.2-rc.1

v2.9.2-rc.2

v2.9.3

v2.9.4

v2.9.5

v2.9.6

v2.9.7

v2.9.8

v2.9.9