VYPR
Medium severityNVD Advisory· Published Jun 3, 2026· Updated Jun 4, 2026

CVE-2022-31114

CVE-2022-31114

Description

backpack/crud provides Create, Read, Update & Delete (CRUD) functions for Backpack, a collection of Laravel packages that help users build custom administration panels. Versions prior to 5.0.13, 4.1.69, and 4.0.63 are vulnerable to cross-site scripting. An attacker could conduct a targeted phishing campaign, in order to trick users or admins into clicking a malicious link, which under very specific circumstances could give them information or possibly admin access. Versions 5.0.13, 4.1.69, and 4.0.63 patch the issue. As a workaround, manually look inside error views in resources/views/errors and output e($exception->getMessage()) instead of $exception->getMessage().

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
backpack/crudPackagist
>= 5.0.0, < 5.0.135.0.13
backpack/crudPackagist
>= 4.1.0, < 4.1.694.1.69
backpack/crudPackagist
< 4.0.634.0.63

Affected products

3

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.