Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Blade `@parent` Exploitation Leading To Possible XSS in Laravel
Vulnerability Description
Laravel is a web application framework. Laravel prior to versions 8.75.0, 7.30.6, and 6.20.42 contain a possible cross-site scripting (XSS) vulnerability in the Blade templating engine. A broken HTML element may be clicked and the user taken to another location in their browser due to XSS. This is due to the user being able to guess the parent placeholder SHA-1 hash by trying common names of sections. If the parent template contains an exploitable HTML structure an XSS vulnerability can be exposed. This vulnerability has been patched in versions 8.75.0, 7.30.6, and 6.20.42 by determining the parent placeholder at runtime and using a random hash that is unique to each request.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Laravel Framework 加密问题漏洞
Vulnerability Description
Laravel Framework是Taylor Otwell个人开发者的一款基于PHP的Web应用程序开发框架。 Laravel Framework 8.75.0、7.30.6 和 6.20.42 之前的版本存在跨站脚本漏洞,攻击者可通过 Blade 模板引擎来执行xss攻击。
CVSS Information
N/A
Vulnerability Type
N/A