GrepRules
Sign inPublish rule
Explore/cve-2024-26484-kirby-unsanitized-href-attr

CVE-2024-26484: Kirby Unsanitized Href Attr

Direct assignment of unvalidated object fields to the `href` attribute in `attr()` can result in Stored Cross-Site Scripting (XSS) via `javascript:` URIs. Ensure URLs are sanitized by terminating the method chain with `->toUrl()`.

Provally CuratedPublic repositoryMediumMedium confidenceVerifiedApache-2.0PHPβ
greprules fetch cve-2024-26484-kirby-unsanitized-href-attr --engine opengrep

Description

Direct assignment of unvalidated object fields to the `href` attribute in `attr()` can result in Stored Cross-Site Scripting (XSS) via `javascript:` URIs. Ensure URLs are sanitized by terminating the method chain with `->toUrl()`.

License
Apache-2.0
Source context
Public repository
Source
Provally CVE rule catalog
Validation status
Verified
Quality signals
145 downloads0 direct145 via packs
· 0 stars · Quality score 76How quality works
Included packs
2 packs