CVE-2022-38080

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in packagist/exceedone/exment

Identifiers

GHSA-8629-83m5-rj75, CVE-2022-38080

Package Slug

packagist/exceedone/exment

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

Reflected cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows a remote authenticated attacker to inject an arbitrary script.

Affected Versions

All versions before 4.4.3, all versions starting from 5.0.0 before 5.0.3

Solution

Upgrade to versions 4.4.3, 5.0.3 or above.

Last Modified

2022-09-19

source