CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Layui: >> Layui >> 2.8.3 Security Vulnerabilities

CVE-2024-47075

LayUI is a native minimalist modular Web UI component library. Versions prior to 2.9.17 have a DOM Clobbering vulnerability that can lead to Cross-site Scripting (XSS) on web pages where attacker-controlled HTML elements (e.g., `img` tags with unsanitized `name` attributes) are present. Version 2.9.17 fixes this issue.

CVSS Score

6.4

EPSS Score

0.001

Published

2024-09-26

Page 1

Vulnerabilities

Vulnerable Software

Layui: >> Layui >> 2.8.3 Security Vulnerabilities

Products

Pricing

Contact Us