GHSA-vr95-p7q6-8m9q
Suggest an improvement- Source
- https://github.com/advisories/GHSA-vr95-p7q6-8m9q
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-vr95-p7q6-8m9q/GHSA-vr95-p7q6-8m9q.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-vr95-p7q6-8m9q
- Published
- 2024-05-15T22:16:06Z
- Modified
- 2024-05-15T22:31:34.412107Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVSS Calculator
- Summary
- Laravel Cross-site Scripting (XSS) vulnerability in blade templating
- Details
-
Laravel 7.1.2 addresses a possible XSS related attack vector in the Laravel 7.x Blade Component tag attributes when users are allowed to dictate the value of attributes. All Laravel 7.x users are encouraged to upgrade as soon as possible.
- References
Affected packages
Packagist / laravel/framework
Package
- Name
- laravel/framework
- Purl
- pkg:composer/laravel/framework