
CVE-2021-43808

Published: 08/12/2021 Updated: 09/08/2022
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Laravel is a web application framework. Versions of Laravel prior to 8.75.0, 7.30.6, and 6.20.42 contain a possible cross-site scripting (XSS) vulnerability in the Blade templating engine. A broken HTML element may be clicked and the user taken to another location in their browser due to XSS. This is possible because a user can guess the parent placeholder SHA-1 hash by trying common names of sections. If the parent template contains an exploitable HTML structure, an XSS vulnerability can be exposed. The vulnerability has been patched in versions 8.75.0, 7.30.6, and 6.20.42 by determining the parent placeholder at runtime and using a random hash that is unique to each request.
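
The difference between the two placeholder schemes described above, as an added example (a simplified model, not Laravel's own code). The marker format, function names and sample values are assumptions made for illustration.

```php
<?php
// Simplified model of section/@parent rendering; not Laravel's code.
// Marker format and function names are assumptions for illustration.

// Before the fix: the placeholder depends only on the section name.
function staticPlaceholder(string $section): string
{
    return '##parent-placeholder-' . sha1($section) . '##';
}

// After the fix: a random salt generated once per request is mixed in.
function saltedPlaceholder(string $section, string $requestSalt): string
{
    return '##parent-placeholder-' . sha1($requestSalt . $section) . '##';
}

// The placeholder marks where the parent's content goes in the child
// section's output; rendering swaps it in with a plain string replace.
function renderSection(string $childOutput, string $parentContent, string $placeholder): string
{
    return str_replace($placeholder, $parentContent, $childOutput);
}

$section = 'content';                        // a common section name
$parentContent = '<nav>parent markup</nav>'; // constructed sample

// Constructed input: a user-controlled value equal to the marker derived
// from the section name alone. Output escaping leaves it unchanged because
// it contains no HTML special characters.
$userValue = htmlspecialchars(staticPlaceholder($section));

// Child output: the template's own marker followed by the escaped user value.
$render = function (string $placeholder) use ($userValue, $parentContent): string {
    $child = $placeholder . '<p>' . $userValue . '</p>';
    return renderSection($child, $parentContent, $placeholder);
};

$before = $render(staticPlaceholder($section));
$after  = $render(saltedPlaceholder($section, bin2hex(random_bytes(20))));

// Under the static scheme the parent markup also lands where the user value
// was printed; with the per-request salt it lands only at the template's marker.
printf("static placeholder: parent inserted %d time(s)\n", substr_count($before, $parentContent));
printf("salted placeholder: parent inserted %d time(s)\n", substr_count($after, $parentContent));
```

Escaping alone does not help here because the marker is plain text; the fix works by making the marker unpredictable for the lifetime of a request.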

Vulnerable Product

laravel framework

Vendor Advisories

Debian Bug report logs - #1002728 php-illuminate-validation: CVE-2021-43617: Failure to block the upload of executable PHP content Package: php-illuminate-validation; Maintainer for php-illuminate-validation is Debian PHP PEAR Maintainers <pkg-php-pear@lists.alioth.debian.org>; Source for php-illuminate-validation is src:php-laravel ...
Debian Bug report logs - #1001333 php-illuminate-view: XSS vulnerability in the Blade templating engine (CVE-2021-43808) Package: php-illuminate-view; Maintainer for php-illuminate-view is Debian PHP PEAR Maintainers <pkg-php-pear@lists.alioth.debian.org>; Source for php-illuminate-view is src:php-laravel-framework (PTS, buildd, pop ...

Github Repositories

My application with Laravel 8 and Bootstrap for manipulating excel files - in progress

ProjektLaravel Project for learning Laravel (and PHP). It will be a hand-held (with filtering of data for displaying) generator of reports from an Excel file (the user must, by the use of a browser, e.g. in the Intranet, register, log in and then enter his csv file; next he chooses data for visualisation from columns and rows of the csv and the application will draw charts (at this moment no re