PT-2024-23624 · Easycorp · Easyadmin

Simoheinonen · Published 2024-03-29 · Updated 2025-04-29 · CVE-2024-3081

CVSS v3.1

5.4 Medium

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

EasyCorp EasyAdmin versions up to 4.8.9

Description

A vulnerability was found in the Autocomplete function of the file assets/js/autocomplete.js, which can lead to cross-site scripting. The manipulation of the item argument is the cause of this issue. The attack can be launched remotely.

Recommendations

For versions up to 4.8.9, upgrade to version 4.8.10 to address this issue. As a temporary workaround, consider disabling the Autocomplete function until a patch is available. Restrict access to the assets/js/autocomplete.js file to minimize the risk of exploitation. Avoid using the item argument in the affected Autocomplete function until the issue is resolved.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-3081

Affected Products

Easyadmin