Описание
LayUI is a native minimalist modular Web UI component library. Versions prior to 2.9.17 have a DOM Clobbering vulnerability that can lead to Cross-site Scripting (XSS) on web pages where attacker-controlled HTML elements (e.g., img tags with unsanitized name attributes) are present. Version 2.9.17 fixes this issue.
Уязвимые конфигурации
Конфигурация 1Версия до 2.9.17 (исключая)
cpe:2.3:a:layui:layui:*:*:*:*:*:*:*:*
EPSS
Процентиль: 76%
0.00977
Низкий
6.4 Medium
CVSS3
6.1 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.4
github
больше 1 года назад
Layui has DOM Clobbering gadgets that leads to Cross-site Scripting
EPSS
Процентиль: 76%
0.00977
Низкий
6.4 Medium
CVSS3
6.1 Medium
CVSS3
Дефекты
CWE-79