Packagist (Composer) package
dcat/laravel-admin
pkg:composer/dcat/laravel-admin
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-54775 | — | — | — | Dec 27, 2024 | Dcat-Admin v2.2.0-beta and v2.2.2-beta contains a Cross-Site Scripting (XSS) vulnerability via /admin/auth/menu and /admin/auth/extensions. | ||
| CVE-2024-54774 | — | — | — | Dec 27, 2024 | Dcat Admin v2.2.0-beta contains a cross-site scripting (XSS) vulnerability in /admin/articles/create. | ||
| CVE-2024-29644 | — | <= 2.1.3 | — | Mar 26, 2024 | Cross Site Scripting vulnerability in dcat-admin v.2.1.3 and before allows a remote attacker to execute arbitrary code via a crafted script to the user login box. | ||
| CVE-2023-33736 | — | <= 2.1.3-beta | — | May 31, 2023 | A stored cross-site scripting (XSS) vulnerability in Dcat-Admin v2.1.3-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter. |
- CVE-2024-54775Dec 27, 2024
Dcat-Admin v2.2.0-beta and v2.2.2-beta contains a Cross-Site Scripting (XSS) vulnerability via /admin/auth/menu and /admin/auth/extensions.
- CVE-2024-54774Dec 27, 2024
Dcat Admin v2.2.0-beta contains a cross-site scripting (XSS) vulnerability in /admin/articles/create.
- CVE-2024-29644Mar 26, 2024affected <= 2.1.3
Cross Site Scripting vulnerability in dcat-admin v.2.1.3 and before allows a remote attacker to execute arbitrary code via a crafted script to the user login box.
- CVE-2023-33736May 31, 2023affected <= 2.1.3-beta
A stored cross-site scripting (XSS) vulnerability in Dcat-Admin v2.1.3-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter.