CVE-2021-43808
Published 2021-12-08
Priority P4 (24) · CVSS 3.1 base score 6.1 (medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.80% (51.9th percentile)
Laravel is a web application framework. Laravel prior to versions 8.75.0, 7.30.6, and 6.20.42 contain a possible cross-site scripting (XSS) vulnerability in the Blade templating engine. A broken HTML element may be clicked and the user taken to another location in their browser due to XSS. This is due to the user being able to guess the parent placeholder SHA-1 hash by trying common names of sections. If the parent template contains an exploitable HTML structure an XSS vulnerability can be exposed. This vulnerability has been patched in versions 8.75.0, 7.30.6, and 6.20.42 by determining the parent placeholder at runtime and using a random hash that is unique to each request.
Affected
12 ranges reported (identical rows merged below)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | php-laravel-framework | < 6.20.14+dfsg-3 (bookworm) | 6.20.14+dfsg-3 (bookworm) |
| illuminate | view | >= 0 < 6.20.42 | 6.20.42 |
| illuminate | view | >= 7.0.0 < 7.30.6 | 7.30.6 |
| illuminate | view | >= 8.0.0 < 8.75.0 | 8.75.0 |
| laravel | framework | >= 0 < 6.20.42 | 6.20.42 |
| laravel | framework | >= 7.0.0 < 7.30.6 | 7.30.6 |
| laravel | framework | >= 8.0.0 < 8.75.0 | 8.75.0 |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| osv | — | 6.1 | MEDIUM | — |
| vendor_debian | — | 5.3 | MEDIUM | — |
OSV
Laravel Framework XSS in Blade templating engine
osv · 2021-12-08 · CVE-2021-43808 · MEDIUM
A security researcher has disclosed a possible XSS vulnerability in the Blade templating engine.
Given the following two Blade templates:
resources/views/parent.blade.php:
```html
@section('content')
@show
```
resources/views/child.blade.php:
```html
@extends('parent')
@section('content')
@endsection
```
And a route like the following:
```php
Route::get('/example', function() {
$value = '//localhost/###parent-placeholder-040f06fd774092478d450774f5ba30c5da78acc8## onclick=location.assign(this.value);//';
return view('child', ['value' => $value]);
});
```
The broken HTML element may be clicked and the user is taken to another location in their browser due to XSS. This is due to the user being able to guess the parent placeholder S
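The script below is an added example, not code from Laravel or from the advisory. It models the section-splicing step the PoC above abuses (a reduced stand-in for what Blade's layout code does when a parent section is extended) and runs the page's payload twice: once against the pre-fix placeholder, which is just the SHA-1 of the section name, and once against the salted placeholder shape the patch introduced. The function names, the child and parent section bodies, and the lone-quote parent fragment are all constructed for the demonstration.

```php
<?php
declare(strict_types=1);

// Added example (not Laravel's own code): a reduced model of the Blade section
// machinery the advisory describes, run with the pre-fix deterministic
// placeholder and with the salted placeholder the patch introduced.
// Every template fragment and the payload below are constructed for the demo.

// Blade's {{ }} escaping is htmlspecialchars with ENT_QUOTES. Note that '#',
// '=', '(', ')' and ';' are not touched, so a placeholder token survives escaping.
function escapeLikeBlade(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Pre-fix token (framework < 8.75.0 / 7.30.6 / 6.20.42): derived from the
// section name alone, so sha1('content') is the hash seen in the PoC payload.
function legacyParentPlaceholder(string $section): string
{
    return '##parent-placeholder-' . sha1($section) . '##';
}

// Post-fix shape: the hash also covers a salt that is generated once per request
// (the patch uses Str::random(40); random_bytes is used here). The salt is passed
// in explicitly so the demo can show the attacker's guess no longer matching.
function saltedParentPlaceholder(string $section, string $salt): string
{
    return '##parent-placeholder-' . sha1($salt . $section) . '##';
}

// Model of the extend step: if the child already stored content for $section,
// the parent's body is substituted wherever the placeholder occurs in that
// content. @parent relies on this; it also fires on a token that arrived
// through {{ $value }}, because the substitution runs after escaping.
function extendSection(array &$sections, string $section, string $parentBody, string $placeholder): void
{
    if (isset($sections[$section])) {
        $parentBody = str_replace($placeholder, $parentBody, $sections[$section]);
    }
    $sections[$section] = $parentBody;
}

// Constructed child/parent pair. The child echoes attacker input inside a quoted
// attribute; the parent section body is a fragment with an odd number of double
// quotes (the "exploitable HTML structure" the advisory conditions on). Whether
// the splice yields a live handler depends entirely on that parent body.
function renderPage(string $value, string $placeholder): string
{
    $sections = [];
    $sections['content'] = '<input value="' . escapeLikeBlade($value) . '">';   // child section body
    extendSection($sections, 'content', '"', $placeholder);                      // parent section body
    return $sections['content'];
}

function check(bool $ok, string $what): void
{
    if (!$ok) {
        throw new RuntimeException('check failed: ' . $what);
    }
}

// The payload from the advisory, with the hash computed rather than pasted.
$payload = '//localhost/###parent-placeholder-' . sha1('content') . '## onclick=location.assign(this.value);//';
check(sha1('content') === '040f06fd774092478d450774f5ba30c5da78acc8', 'sha1 of the section name matches the PoC');

// Vulnerable: the guessed token matches, the parent's quote is spliced into the
// escaped attribute, and onclick becomes a real attribute of the <input>.
$before = renderPage($payload, legacyParentPlaceholder('content'));
check(strpos($before, '" onclick=') !== false, 'pre-fix output has a live onclick attribute');

// Fixed: the token is unguessable, nothing is spliced, and the whole payload
// stays inside the quoted value attribute.
$salt  = bin2hex(random_bytes(20));
$after = renderPage($payload, saltedParentPlaceholder('content', $salt));
check(strpos($after, '" onclick=') === false, 'post-fix output keeps the payload inside the attribute');

echo "before fix: ", $before, PHP_EOL;
echo "after fix:  ", $after, PHP_EOL;
```

Run it with `php demo.php` on PHP 7.0 or later. The point it makes is that more output escaping would not have helped: the escaped string is intact when it leaves `{{ }}`, and the breakout comes from the framework substituting raw parent HTML into it afterwards at a position the attacker chose by reproducing a predictable token. The fix therefore makes the token unpredictable per request rather than changing the escaper, and there is no application-level setting that works around it; the only remedy is upgrading to 8.75.0, 7.30.6 or 6.20.42.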
GHSA
Laravel Framework XSS in Blade templating engine
ghsa · 2021-12-08 · CVE-2021-43808 · MEDIUM · CWE-327
(advisory text identical to the OSV entry above)
OSV
CVE-2021-43808: Laravel is a web application framework
osv · 2021-12-08 · CVSS 6.1 · MEDIUM
(NVD description as given at the top of this page)
Debian
CVE-2021-43808: php-laravel-framework
vendor_debian · 2021 · CVSS 5.3 · MEDIUM
(NVD description as given at the top of this page)
Scope: local
bookworm: resolved (fixed in 6.20.14+dfsg-3)
bullseye: resolved (fixed in 6.20.14+dfsg-2+deb11u1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
https://github.com/laravel/framework/security/advisories/GHSA-66hf-2p6w-jqfw
https://github.com/laravel/framework/commit/b8174169b1807f36de1837751599e2828ceddb9b
https://github.com/laravel/framework/pull/39906
https://github.com/laravel/framework/pull/39908
https://github.com/laravel/framework/pull/39909
https://github.com/laravel/framework/releases/tag/v6.20.42
https://github.com/laravel/framework/releases/tag/v7.30.6
https://github.com/laravel/framework/releases/tag/v8.75.0