GHSA-fpx3-h2pc-88vf
Suggest an improvement- Source
- https://github.com/advisories/GHSA-fpx3-h2pc-88vf
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/04/GHSA-fpx3-h2pc-88vf/GHSA-fpx3-h2pc-88vf.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-fpx3-h2pc-88vf
- Aliases
-
- CVE-2025-26159
- Published
- 2025-04-22T21:30:44Z
- Modified
- 2025-04-22T22:27:12.814851Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Laravel Starter Cross Site Scripting (XSS)
- Details
-
Laravel Starter 11.11.0 is vulnerable to Cross Site Scripting (XSS) in the tags feature. Any user with the ability of create or modify tags can inject malicious JavaScript code in the name field.
- Database specific
{ "nvd_published_at": "2025-04-22T20:15:28Z", "cwe_ids": [ "CWE-79" ], "github_reviewed": true, "github_reviewed_at": "2025-04-22T22:16:36Z", "severity": "MODERATE" }- References
Affected packages
Packagist / nasirkhan/laravel-starter
Package
- Name
- nasirkhan/laravel-starter
- Purl
- pkg:composer/nasirkhan/laravel-starter
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed11.11.0
Affected versions
v1.*
v1.0.0
v1.1.0
v2.*
v2.0.0
v3.*
v3.6.0
v5.*
v5.1.0
v6.*
v6.0.0
v7.*
v7.5.0
v7.9.0
v7.10.0
v7.11.0
v7.12.0
v7.14.0
v8.*
v8.0.0
v8.1.0
v8.2.1
v8.3.0
v8.4.1
v8.4.2
v9.*
v9.0.0
v9.1.0
v9.10.0
v9.11.0
v9.12.0
v9.13.0
v9.14.0
v9.15.0
v9.16.0
v10.*
v10.0.0
v10.1.0
v10.2.0
v10.3.0
v10.3.1
v10.4.0
v10.5.0
v10.6.0
v10.7.0
v10.7.1
v10.8.0
v10.8.1
v10.9.0
v10.10.0
v10.11.0
v10.12.0
v10.13.0
v10.14.0
v10.14.1
v10.15.0
v10.16.0
v10.17.0
v10.18.0
v11.*
v11.0.0
v11.0.1
v11.1.0
v11.2.0
v11.3.0
v11.4.0
v11.5.0
v11.6.0
v11.7.0
v11.8.0
v11.9.0
v11.10.0