Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Versions of the package livewire/livewire from 3.3.5 and before 3.4.9 are vulnerable to Cross-site Scripting (XSS) when a page uses [Url] for a property. An attacker can inject HTML code in the context of the user's browser session by crafting a malicious link and convincing the user to click on it.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
livewire 安全漏洞
Vulnerability Description
Livewire是Laravel 的全栈框架,允许您在不离开 PHP 的情况下构建动态 UI 组件。 livewire 3.3.5版本及3.4.9之前版本存在安全漏洞,该漏洞源于容易受到跨站脚本(XSS)攻击,攻击者可以通过制作恶意链接在用户浏览器会话的环境中注入HTML代码。
CVSS Information
N/A
Vulnerability Type
N/A