
THREATINT
PUBLISHED

CVE-2024-47186

Filament has unvalidated ColorColumn and ColorEntry values that can be used for Cross-site Scripting



Description

Filament is a collection of full-stack components for Laravel development. Versions of Filament from v3.0.0 through v3.2.114 are affected by a cross-site scripting (XSS) vulnerability. If values passed to a `ColorColumn` or `ColorEntry` are not valid and contain a specific set of characters, applications are vulnerable to an XSS attack against a user who opens a page on which a color column or entry is rendered. Filament v3.2.115 fixes this issue.

Reserved 2024-09-19 | Published 2024-09-27 | Updated 2024-09-27 | Assigner GitHub_M


MEDIUM: 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Problem types

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

>= 3.0.0, < 3.2.115: affected

References

github.com/...lament/security/advisories/GHSA-9h9q-qhxg-89xr

github.com/...ommit/df7989352464d08eda5837ef50f9997fad902316

github.com/filamentphp/filament/releases/tag/v3.2.115

cve.org (CVE-2024-47186)

nvd.nist.gov (CVE-2024-47186)
