Описание
Filament is a collection of full-stack components for Laravel development. Versions of Filament from v3.0.0 through v3.2.114 are affected by a cross-site scripting (XSS) vulnerability. If values passed to a ColorColumn or ColumnEntry are not valid and contain a specific set of characters, applications are vulnerable to XSS attack against a user who opens a page on which a color column or entry is rendered. Filament v3.2.115 fixes this issue.
Уязвимые конфигурации
Конфигурация 1Версия от 3.0.0 (включая) до 3.2.115 (исключая)
cpe:2.3:a:filamentphp:filament:*:*:*:*:*:*:*:*
EPSS
Процентиль: 74%
0.00803
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
github
больше 1 года назад
Filament has unvalidated ColorColumn and ColorEntry values that can be used for Cross-site Scripting
EPSS
Процентиль: 74%
0.00803
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79