An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1mcHgzLWgycGMtODh2Zs4ABHGN

Moderate EPSS: 0.00039% (0.1112 Percentile)

Laravel Starter Cross Site Scripting (XSS)

Affected Package: packagist:nasirkhan/laravel-starter
Affected Versions: < 11.11.0
Fixed Versions: 11.11.0
0 Dependent packages
0 Dependent repositories
2,115 Downloads total

Affected Version Ranges

All affected versions

1.0.0, 1.1.0, 2.0.0, 3.6.0, 5.1.0, 6.0.0, 7.5.0, 7.9.0, 7.10.0, 7.11.0, 7.12.0, 7.14.0, 8.0.0, 8.1.0, 8.2.1, 8.3.0, 8.4.1, 8.4.2, 9.0.0, 9.1.0, 9.10.0, 9.11.0, 9.12.0, 9.13.0, 9.14.0, 9.15.0, 9.16.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, 10.4.0, 10.5.0, 10.6.0, 10.7.0, 10.7.1, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.11.0, 10.12.0, 10.13.0, 10.14.0, 10.14.1, 10.15.0, 10.16.0, 10.17.0, 10.18.0, 11.0.0, 11.0.1, 11.1.0, 11.2.0, 11.3.0, 11.4.0, 11.5.0, 11.6.0, 11.7.0, 11.8.0, 11.9.0, 11.10.0

All unaffected versions

11.11.0, 11.12.0, 12.0.0, 12.1.0, 12.2.0

Laravel Starter 11.11.0 is vulnerable to Cross Site Scripting (XSS) in the tags feature. Any user with the ability to create or modify tags can inject malicious JavaScript code into the name field.
