Moderate severityNVD Advisory· Published May 4, 2024· Updated Aug 16, 2024
CVE-2024-34467
CVE-2024-34467
Description
ThinkPHP 8.0.3 allows remote attackers to exploit XSS due to inadequate filtering of function argument values in think_exception.tpl.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
topthink/frameworkPackagist | >= 8.0.0, < 8.0.4 | 8.0.4 |
topthink/frameworkPackagist | >= 6.1.0, < 6.1.5 | 6.1.5 |
topthink/frameworkPackagist | < 6.0.17 | 6.0.17 |
Affected products
2Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-969f-v7jv-pgj3ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-34467ghsaADVISORY
- github.com/top-think/framework/commit/403358cd3e510e2fdab63f951930bdd093314eeeghsaWEB
- github.com/top-think/framework/commit/57d1950a1844ef8d3098ea290032aeb92e2e32c3ghsaWEB
- github.com/top-think/framework/commit/d3904e51e279c3b72ee206192aeccf9b1cffb534ghsaWEB
- github.com/top-think/framework/issues/2996ghsaWEB
News mentions
0No linked articles in our index yet.