Количество 2
Количество 2
CVE-2024-21504
Versions of the package livewire/livewire from 3.3.5 and before 3.4.9 are vulnerable to Cross-site Scripting (XSS) when a page uses [Url] for a property. An attacker can inject HTML code in the context of the user's browser session by crafting a malicious link and convincing the user to click on it.
GHSA-389c-cf87-qmwj
Cross-site Scripting in livewire/livewire
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-21504 Versions of the package livewire/livewire from 3.3.5 and before 3.4.9 are vulnerable to Cross-site Scripting (XSS) when a page uses [Url] for a property. An attacker can inject HTML code in the context of the user's browser session by crafting a malicious link and convincing the user to click on it. | CVSS3: 6.1 | 0% Низкий | почти 2 года назад |
| GHSA-389c-cf87-qmwj Cross-site Scripting in livewire/livewire | CVSS3: 6.1 | 0% Низкий | почти 2 года назад |
Уязвимостей на страницу