CVE-2024-47186
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-47186
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-47186.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-47186
- Aliases
- Published
- 2024-09-27T21:04:33.587Z
- Modified
- 2025-12-05T06:32:55.358073Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Filament has unvalidated ColorColumn and ColorEntry values that can be used for Cross-site Scripting
- Details
-
Filament is a collection of full-stack components for Laravel development. Versions of Filament from v3.0.0 through v3.2.114 are affected by a cross-site scripting (XSS) vulnerability. If values passed to a
ColorColumnorColumnEntryare not valid and contain a specific set of characters, applications are vulnerable to XSS attack against a user who opens a page on which a color column or entry is rendered. Filament v3.2.115 fixes this issue. - Database specific
{ "cwe_ids": [ "CWE-79" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/47xxx/CVE-2024-47186.json", "cna_assigner": "GitHub_M" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/47xxx/CVE-2024-47186.json
- https://github.com/filamentphp/filament/commit/df7989352464d08eda5837ef50f9997fad902316
- https://github.com/filamentphp/filament/releases/tag/v3.2.115
- https://github.com/filamentphp/filament/security/advisories/GHSA-9h9q-qhxg-89xr
- https://nvd.nist.gov/vuln/detail/CVE-2024-47186
Affected packages
Git / github.com/filamentphp/filament
Affected versions
v2.*
v2.17.52
v2.17.53
v2.17.54
v2.17.55
v3.*
v3.0.0
v3.0.0-beta28
v3.0.1
v3.0.10
v3.0.100
v3.0.101
v3.0.102
v3.0.103
v3.0.11
v3.0.12
v3.0.13
v3.0.14
v3.0.15
v3.0.16
v3.0.17
v3.0.18
v3.0.19
v3.0.2
v3.0.20
v3.0.21
v3.0.22
v3.0.23
v3.0.24
v3.0.25
v3.0.26
v3.0.27
v3.0.28
v3.0.29
v3.0.3
v3.0.30
v3.0.31
v3.0.32
v3.0.33
v3.0.34
v3.0.35
v3.0.36
v3.0.37
v3.0.38
v3.0.39
v3.0.4
v3.0.40
v3.0.41
v3.0.42
v3.0.43
v3.0.44
v3.0.45
v3.0.46
v3.0.47
v3.0.48
v3.0.49
v3.0.5
v3.0.50
v3.0.51
v3.0.52
v3.0.53
v3.0.54
v3.0.55
v3.0.56
v3.0.57
v3.0.58
v3.0.59
v3.0.6
v3.0.60
v3.0.61
v3.0.62
v3.0.63
v3.0.64
v3.0.65
v3.0.66
v3.0.67
v3.0.68
v3.0.69
v3.0.7
v3.0.70
v3.0.71
v3.0.72
v3.0.73
v3.0.74
v3.0.75
v3.0.76
v3.0.77
v3.0.78
v3.0.79
v3.0.8
v3.0.80
v3.0.81
v3.0.82
v3.0.83
v3.0.84
v3.0.85
v3.0.86
v3.0.87
v3.0.88
v3.0.89
v3.0.9
v3.0.90
v3.0.91
v3.0.92
v3.0.93
v3.0.94
v3.0.95
v3.0.96
v3.0.97
v3.0.98
v3.0.99
v3.1.0
v3.1.0-alpha1
v3.1.0-alpha2
v3.1.0-alpha3
v3.1.0-alpha4
v3.1.1
v3.1.10
v3.1.11
v3.1.12
v3.1.13
v3.1.14
v3.1.15
v3.1.16
v3.1.17
v3.1.18
v3.1.19
v3.1.2
v3.1.20
v3.1.21
v3.1.22
v3.1.23
v3.1.24
v3.1.25
v3.1.26
v3.1.27
v3.1.28
v3.1.29
v3.1.3
v3.1.30
v3.1.31
v3.1.32
v3.1.33
v3.1.34
v3.1.35
v3.1.36
v3.1.37
v3.1.38
v3.1.39
v3.1.4
v3.1.40
v3.1.41
v3.1.42
v3.1.43
v3.1.44
v3.1.45
v3.1.46
v3.1.47
v3.1.5
v3.1.6
v3.1.7
v3.1.8
v3.1.9
v3.2.0
v3.2.1
v3.2.10
v3.2.100
v3.2.101
v3.2.102
v3.2.103
v3.2.104
v3.2.105
v3.2.106
v3.2.107
v3.2.108
v3.2.109
v3.2.11
v3.2.110
v3.2.111
v3.2.112
v3.2.113
v3.2.114
v3.2.12
v3.2.13
v3.2.14
v3.2.15
v3.2.16
v3.2.17
v3.2.18
v3.2.19
v3.2.2
v3.2.20
v3.2.21
v3.2.22
v3.2.23
v3.2.24
v3.2.25
v3.2.25-beta1
v3.2.26
v3.2.27
v3.2.28
v3.2.29
v3.2.3
v3.2.30
v3.2.31
v3.2.32
v3.2.33
v3.2.34
v3.2.35
v3.2.36
v3.2.37
v3.2.38
v3.2.39
v3.2.4
v3.2.40
v3.2.41
v3.2.42
v3.2.43
v3.2.44
v3.2.45
v3.2.46
v3.2.47
v3.2.48
v3.2.49
v3.2.5
v3.2.50
v3.2.51
v3.2.52
v3.2.53
v3.2.54
v3.2.55
v3.2.56
v3.2.57
v3.2.58
v3.2.59
v3.2.6
v3.2.60
v3.2.61
v3.2.62
v3.2.63
v3.2.64
v3.2.65
v3.2.66
v3.2.67
v3.2.68
v3.2.69
v3.2.7
v3.2.70
v3.2.71
v3.2.72
v3.2.73
v3.2.74
v3.2.75
v3.2.76
v3.2.77
v3.2.78
v3.2.79
v3.2.8
v3.2.80
v3.2.81
v3.2.82
v3.2.83
v3.2.84
v3.2.85
v3.2.86
v3.2.87
v3.2.87-beta1
v3.2.88
v3.2.89
v3.2.9
v3.2.90
v3.2.91
v3.2.92
v3.2.93
v3.2.94
v3.2.95
v3.2.96
v3.2.97
v3.2.98
v3.2.99