Количество 2
Количество 2
CVE-2024-47075
LayUI is a native minimalist modular Web UI component library. Versions prior to 2.9.17 have a DOM Clobbering vulnerability that can lead to Cross-site Scripting (XSS) on web pages where attacker-controlled HTML elements (e.g., `img` tags with unsanitized `name` attributes) are present. Version 2.9.17 fixes this issue.
GHSA-j827-6rgf-9629
Layui has DOM Clobbering gadgets that leads to Cross-site Scripting
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-47075 LayUI is a native minimalist modular Web UI component library. Versions prior to 2.9.17 have a DOM Clobbering vulnerability that can lead to Cross-site Scripting (XSS) on web pages where attacker-controlled HTML elements (e.g., `img` tags with unsanitized `name` attributes) are present. Version 2.9.17 fixes this issue. | CVSS3: 6.4 | 1% Низкий | больше 1 года назад |
| GHSA-j827-6rgf-9629 Layui has DOM Clobbering gadgets that leads to Cross-site Scripting | CVSS3: 6.4 | 1% Низкий | больше 1 года назад |
Уязвимостей на страницу