Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-26159

Laravel Starter 11.11.0 is vulnerable to Cross Site Scripting (XSS) in the tags feature. Any user with the ability of create or modify tags can inject malicious JavaScript code in the name field.

Published

2025-04-22T20:15:28.130

Last Modified

2025-04-23T14:08:13.383

Status

Awaiting Analysis

Source

[email protected]

Severity

CVSSv3.1: 6.1 (MEDIUM)

Weaknesses

Type: Secondary
CWE-79

Affected Vendors & Products

References

https://github.com/nasirkhan/laravel-starter ([email protected])
https://godbadtry.github.io/posts/CVE-2025-26159/ ([email protected])