CVE-2025-26159

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Laravel Starter version 11.11.0

Description The issue concerns Cross Site Scripting (XSS) in the tags feature. Users who can create or modify tags can inject malicious JavaScript code into the name field.

Recommendations For Laravel Starter version 11.11.0, update to a version that fixes the XSS issue in the tags feature, ensuring that user input in the name field is properly sanitized to prevent malicious JavaScript code injection.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2025-26159

GHSA-FPX3-H2PC-88VF

Affected Products

Laravel Starter

CVE-2025-26159

Weakness Enumeration

Related Identifiers

Affected Products

References · 9