PT-2026-57849 · Unknown · Laravel-Mediable

Vulncheck

+1

·

Published

2026-07-13

·

Updated

2026-07-13

·

CVE-2026-49971

CVSS v3.1

6.1

Medium

VectorAV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L
Name of the Vulnerable Software and Affected Versions Laravel-Mediable versions prior to 7.0.0
Description Stored cross-site scripting occurs when authenticated or anonymous users upload unsanitized SVG files containing embedded scripts in onload event handlers, script tags, or foreignObject elements. These persistent payloads execute with full DOM access when a victim opens or previews the file, which can lead to session cookie theft, CSRF token capture, and account takeover.
Recommendations Update Laravel-Mediable to version 7.0.0 or later.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-49971

Affected Products

Laravel-Mediable