I7Hdxz

**Name of the Vulnerable Software and Affected Versions** layui versions up to v2.8.0-rc.16 **Description** A problematic issue was found in the HTML Attribute Handler component, where the manipulation of the `title` argument leads to cross-site scripting. This can be initiated remotely. **Recommendations** For versions up to v2.8.0-rc.16, upgrade to version 2.8.0 to address the issue. As a temporary workaround, consider restricting the use of the `title` argument in the affected component until the upgrade is applied.