Unknown · Livewire/Livewire · CVE-2024-21504
**Name of the Vulnerable Software and Affected Versions**
livewire/livewire versions 3.3.5 through 3.4.9
**Description**
The issue allows an attacker to inject HTML code in the context of the user's browser session by crafting a malicious link and convincing the user to click on it. This occurs when a page uses [Url] for a property.
**Recommendations**
For versions 3.3.5 through 3.4.9, update to version 3.4.9 or later to resolve the issue.