Laravel Translation Manager Cross-Site Scripting Vulnerability

Vulnerability

A stored cross-site scripting vulnerability has been identified in the Laravel Translation Manager package, affecting versions prior to 0.6.8. The issue arises from inadequate input validation and sanitization, allowing authenticated users with access to the translation manager to inject arbitrary HTML, including JavaScript, into pages viewed by other users. This could lead to the theft of sensitive information, hijacking of user sessions, or other malicious actions.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user.

Remediation

Users can update to Laravel Translation Manager version 0.6.8 to address this vulnerability. After updating, it's recommended to apply the changes from the related pull request #475 in any published views, if applicable.
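
One way to check a project against both remediation steps is sketched below. It is an added example, not code from the package or its maintainers. It assumes the Composer package name is barryvdh/laravel-translation-manager and that published views live under resources/views/vendor/translation-manager; neither is stated on this page.

```python
import json
import re
from pathlib import Path

# Assumptions (not on the advisory page): the Composer package name and the
# directory Laravel's vendor:publish copies this package's views into.
PACKAGE = "barryvdh/laravel-translation-manager"
PUBLISHED_VIEWS = Path("resources/views/vendor/translation-manager")
FIXED = (0, 6, 8)  # first fixed release, per the advisory

# Constructed sample composer.lock content, trimmed to the relevant fields.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "laravel/framework", "version": "v11.9.2"},
        {"name": PACKAGE, "version": "v0.6.7"},
    ],
    "packages-dev": [],
})


def parse_version(raw):
    """Return (major, minor, patch) for '0.6.7' or 'v0.6.7'; None for dev refs."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", raw.strip())
    return tuple(int(part) for part in m.groups()) if m else None


def audit(lock_text, project_root="."):
    """Classify the locked package version and list published view overrides."""
    lock = json.loads(lock_text)
    packages = (lock.get("packages") or []) + (lock.get("packages-dev") or [])
    entry = next((p for p in packages if p.get("name") == PACKAGE), None)
    if entry is None:
        return {"status": "not-installed", "version": None, "published_views": []}
    version = parse_version(entry.get("version", ""))
    if version is None:
        status = "unknown"  # dev branch or unusual tag: verify by hand
    else:
        status = "vulnerable" if version < FIXED else "fixed"
    # Published views are not replaced by a package update, so they are
    # reported even when the locked version is already fixed.
    views_dir = Path(project_root) / PUBLISHED_VIEWS
    views = sorted(str(p.relative_to(views_dir))
                   for p in views_dir.rglob("*.blade.php")) if views_dir.is_dir() else []
    return {"status": status, "version": entry.get("version"), "published_views": views}


if __name__ == "__main__":
    print(audit(SAMPLE_LOCK))
```

Any file listed under published_views is a local copy that still needs the changes from pull request #475 applied by hand.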

Added: Jun 9, 2025, 1:39 PM
Updated: Jun 9, 2025, 1:39 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.7
exploitability: 5.2
remediation: 7.7
relevance: 0.2
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.