The Backpack\CRUD Backpack component before 3.4.9 for Laravel allows XSS via the select field type.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| backpackforlaravel | backpack\crud | * |
FileManager provides a Backpack admin interface for files and folder. Prior to 3.0.9, deserialization of untrusted data from the mimes parameter could lead to remote code execution. This vulnerability is fixed in 3.0.9.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 7.6 | HIGH | CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H | 1.0 | 6.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| backpackforlaravel | filemanager | * |