PT-2024-32392 · Layui · Layui

Ishmeals +1 · Published 2024-09-26 · Updated 2025-08-15 · CVE-2024-47075

CVSS v3.1: 6.4 (Medium)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H

Name of the Vulnerable Software and Affected Versions

LayUI versions prior to 2.9.17

Description

A DOM Clobbering vulnerability that can lead to Cross-site Scripting (XSS) on web pages where attacker-controlled HTML elements, such as img tags with unsanitized name attributes, are present. Exploitation depends on such unsanitized attributes being present in HTML elements on the page.

Recommendations

Update to version 2.9.17, which fixes the issue. As a temporary workaround for versions prior to 2.9.17, consider sanitizing user-controlled input, especially attributes of HTML elements such as name in img tags, to minimize the risk of exploitation.
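
One way to apply the temporary workaround above, as an added example (not Layui's fix and not code from this advisory): namespace or strip the id and name attributes of user-supplied markup before it reaches the live document, so those elements cannot shadow properties that page scripts read. The prefix, the function names and the sample attributes are assumptions.

```javascript
"use strict";
// id and name are the attributes that create named properties on
// document/window, which is what DOM clobbering relies on.
const NAMED_PROP_ATTRS = ["id", "name"];
const PREFIX = "user-content-"; // assumed namespace, pick your own

// Return the safe value for one attribute, or null to drop it.
// mode "prefix" namespaces the value; mode "strip" removes the attribute.
function hardenAttr(attrName, value, mode = "prefix") {
  if (!NAMED_PROP_ATTRS.includes(attrName.toLowerCase())) return value;
  if (mode === "strip") return null;
  return value.startsWith(PREFIX) ? value : PREFIX + value;
}

// Same rule applied to a whole attribute map, e.g. inside a sanitizer
// callback that receives one element's attributes.
function hardenAttrMap(attrs, mode = "prefix") {
  const out = {};
  for (const [key, value] of Object.entries(attrs)) {
    const safe = hardenAttr(key, value, mode);
    if (safe !== null) out[key] = safe;
  }
  return out;
}

// Browser use: harden every element under `root` (for example the
// content of a <template> holding user HTML) before attaching it.
// Returns the number of attributes that were changed or removed.
function hardenTree(root, mode = "prefix") {
  let changed = 0;
  for (const el of root.querySelectorAll("[id], [name]")) {
    for (const attr of NAMED_PROP_ATTRS) {
      const before = el.getAttribute(attr);
      if (before === null) continue;
      const after = hardenAttr(attr, before, mode);
      if (after === null) el.removeAttribute(attr);
      else el.setAttribute(attr, after);
      if (after !== before) changed++;
    }
  }
  return changed;
}

// Constructed sample: attributes of a user-supplied <img> element.
const SAMPLE_IMG_ATTRS = { src: "/uploads/1.png", name: "someGlobal" };
```

Prefixing changes the values that fragment links, label for attributes and submitted form field names refer to, so use "strip" where user content never needs those attributes.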

Exploit

Fix

XSS

Related Identifiers

CVE-2024-47075
GHSA-J827-6RGF-9629

Affected Products

Layui