CVE-2025-49130

Name of the Vulnerable Software and Affected Versions Laravel Translation Manager versions prior to 0.6.8

Description The application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validation and sanitization of user-input data. An attacker can inject arbitrary HTML code, including JavaScript scripts, into the page processed by the user's browser, allowing them to steal sensitive data, hijack user sessions, or conduct other malicious activities. Only authenticated users with access to the translation manager are impacted.

Recommendations For versions prior to 0.6.8, update to version 0.6.8 to resolve the issue. As a temporary workaround, consider restricting access to the translation manager to minimize the risk of exploitation. Additionally, ensure that all user-input data is properly validated and sanitized to prevent malicious activities.