PT-2023-25738 · Layui · Layui
I7Hdxz
Published: 2023-07-16
Updated: 2024-05-17
CVE-2023-3691
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
layui versions up to v2.8.0-rc.16
Description
A vulnerability was found in the HTML Attribute Handler component: manipulating the title argument leads to cross-site scripting (XSS). The attack can be initiated remotely.
Recommendations
For versions up to v2.8.0-rc.16, upgrade to version 2.8.0 to address the issue. As a temporary workaround, consider restricting the use of the title argument in the affected component until the upgrade is applied.
Exploit
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Layui