CVE-2025-49130: Laravel Translation Manager Vulnerable to Stored Cross-site Scripting
The application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validation and sanitization of user-input data. An attacker can inject arbitrary HTML code, including JavaScript scripts, into the page processed by the user’s browser, allowing them to steal sensitive data, hijack user sessions, or conduct other malicious activities.
References
- github.com/advisories/GHSA-j226-63j7-qrqh
- github.com/barryvdh/laravel-translation-manager
- github.com/barryvdh/laravel-translation-manager/commit/527446ed419f90f2319675fc5211cb8f851d7a1f
- github.com/barryvdh/laravel-translation-manager/pull/475
- github.com/barryvdh/laravel-translation-manager/releases/tag/v0.6.8
- github.com/barryvdh/laravel-translation-manager/security/advisories/GHSA-j226-63j7-qrqh
- nvd.nist.gov/vuln/detail/CVE-2025-49130
Code Behaviors & Features
Detect and mitigate CVE-2025-49130 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →