easycorp/easyadmin-bundle is vulnerable to Cross-site Scripting (XSS)
35
Low Risk
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the Autocomplete function located in the assets/js/autocomplete.js file. Manipulating the item argument of this function lets an attacker inject arbitrary JavaScript into the page, where it executes in the context of a user's session.
You are affected if you are using a version that falls within the vulnerable range.
easycorp/easyadmin-bundle is vulnerable to Cross-site Scripting (XSS) in versions 3.4.0 - 4.8.9.
Upgrade the easycorp/easyadmin-bundle library to a patched version.
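
To check whether a project falls within the vulnerable range, the locked version in composer.lock can be compared against the bounds given above. The script below is an added example, not code from EasyAdmin or from this advisory; the function names and the sample lock data are constructed for illustration, and "ok" only means the version is outside the range stated on this page.

```python
import json
import re
import sys

PACKAGE = "easycorp/easyadmin-bundle"
VULN_MIN = (3, 4, 0)  # lower bound stated on this page, inclusive
VULN_MAX = (4, 8, 9)  # upper bound stated on this page, inclusive


def parse_version(raw):
    """Return (major, minor, patch) for a tagged release, or None for
    branch aliases such as 'dev-main' or '4.x-dev' that cannot be compared."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(?:\.\d+)?", raw.strip())
    return tuple(int(g) for g in m.groups()) if m else None


def check_lock(lock_text):
    """Return (status, locked_version) for the bundle in a composer.lock.
    status is 'vulnerable', 'ok', 'unknown' (unparseable) or 'absent'."""
    lock = json.loads(lock_text)
    # The bundle may be locked as a runtime or as a dev dependency.
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            if pkg.get("name", "").lower() != PACKAGE:
                continue
            raw = pkg.get("version", "")
            ver = parse_version(raw)
            if ver is None:
                return "unknown", raw  # branch install: review manually
            in_range = VULN_MIN <= ver <= VULN_MAX
            return ("vulnerable" if in_range else "ok"), raw
    return "absent", None


# Constructed sample input, not taken from a real project.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "symfony/framework-bundle", "version": "v6.3.0"},
        {"name": "easycorp/easyadmin-bundle", "version": "v4.7.2"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    # Usage: python check_easyadmin.py path/to/composer.lock
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOCK
    status, version = check_lock(text)
    print(f"{PACKAGE}: {status} (locked at {version})")
    sys.exit(1 if status in ("vulnerable", "unknown") else 0)
```

The non-zero exit code on "vulnerable" or "unknown" lets the script gate a CI job.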