npm package
layui
pkg:npm/layui
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-47075 | — | | | < 2.9.17 | 2.9.17 | Sep 26, 2024 | LayUI is a native minimalist modular Web UI component library. Versions prior to 2.9.17 have a DOM Clobbering vulnerability that can lead to Cross-site Scripting (XSS) on web pages where attacker-controlled HTML elements (e.g., `img` tags with unsanitized `name` attributes) are p |
| CVE-2023-50550 | — | | | < 2.7.5 | 2.7.5 | Dec 30, 2023 | layui up to v2.74 was discovered to contain a cross-site scripting (XSS) vulnerability via the data-content parameter. |
| CVE-2023-3691 | — | | | < 2.8.0 | 2.8.0 | Jul 16, 2023 | A vulnerability, which was classified as problematic, was found in layui up to v2.8.0-rc.16. This affects an unknown part of the component HTML Attribute Handler. The manipulation of the argument title leads to cross site scripting. It is possible to initiate the attack remotely. |