Backpack CRUD Cross-Site Scripting Vulnerability

Vulnerability

A cross-site scripting vulnerability has been identified in Backpack CRUD versions prior to 5.0.13, 4.1.69, and 4.0.63. The error views render exception messages without escaping them, so an attacker who can influence the text of an error message can inject script into the page. Under specific circumstances this could be exploited for phishing, potentially leading to unauthorized access or information disclosure, which is especially serious in an admin panel context.

Impact

Exploitation takes the form of reflected cross-site scripting: an attacker tricks a user or admin into opening a crafted link, and the injected script runs in that person's authenticated session, potentially leading to information disclosure or unauthorized admin access.

Remediation

Update to Backpack CRUD version 5.0.13, 4.1.69, or 4.0.63. After updating, run the 'php artisan backpack:fix' command so that any error views already published into the application are patched as well; the package update alone does not rewrite published views. If updating is not an option, the same fix can be applied by hand: edit the published error views so that exception messages are escaped before being output.
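The manual fix described above amounts to changing how the exception message is echoed in the error view. The following is an added illustration, not code from the Backpack project or from this advisory; the exact file name and markup of Backpack's published error views are assumed, but the Blade echo semantics are standard Laravel: '{!! !!}' outputs raw HTML, while '{{ }}' passes the value through e(), which is htmlspecialchars() with ENT_QUOTES, so any markup in the message is rendered as text.

```blade
{{-- Assumed location: resources/views/errors/500.blade.php (published Backpack error view) --}}
{{-- The file name and surrounding markup are assumptions for this example. --}}

{{-- VULNERABLE: raw echo. If the exception message contains "<script>...</script>", --}}
{{-- the browser executes it. This is the pattern the advisory describes. --}}
<p class="error-message">{!! $exception->getMessage() !!}</p>

{{-- FIXED: escaped echo. Blade wraps the value in e(), so the same message --}}
{{-- is displayed literally as text; <, >, quotes and & become HTML entities. --}}
<p class="error-message">{{ $exception->getMessage() }}</p>

{{-- Equivalent explicit form, useful when the view is plain PHP rather than Blade: --}}
<p class="error-message"><?php echo htmlspecialchars($exception->getMessage(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></p>
```

After editing a published view, run 'php artisan view:clear' so the compiled template cache is rebuilt; otherwise the old, unescaped compiled view may still be served. The same check applies to every published error view (for example 403, 404, 419, 500), not only the one shown: search them for '{!!' around '$exception' or '$message' and convert each occurrence to the escaped form unless the value is genuinely trusted HTML.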

Added: Jun 3, 2026, 4:45 PM
Updated: Jun 3, 2026, 4:45 PM

Vulnerability Rating

Custom Algorithm

spread          5.2
impact          1.7
exploitability  6.4
remediation     8.3
relevance       9.9
threat          0.0
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to produce these eight key vulnerability categories, which are then combined into the overall risk score.