CVE-2024-47817: Blade Unescaped User Content XSS
Unescaped output of potentially user-controlled array elements (e.g. keys such as `content` or `body`, as in `{!! $post['content'] !!}`) in Blade templates can lead to Cross-Site Scripting (XSS). Blade's `{!! $expr !!}` syntax echoes the value verbatim, while the default `{{ $expr }}` syntax runs it through `e()` (`htmlspecialchars` with `ENT_QUOTES`), which is the right choice whenever the field is plain text. Use `{!! !!}` only for HTML that has been sanitized against an allow-list (e.g. with HTML Purifier) before rendering; `strip_tags` is a weak substitute, because any tags it is told to allow keep all of their attributes, including event handlers such as `onerror`. Note also that `{{ }}` escapes for the HTML text and quoted-attribute contexts only; it does not make a value safe inside an inline `<script>` block, an unquoted attribute, or a URL.
Provally Curated | Public repository | High | Medium confidence | Verified | Apache-2.0 | Generic
greprules fetch cve-2024-47817-blade-unescaped-user-content-xss --engine opengrep
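The following is an added example, not the Provally rule itself and not code from Laravel or Blade. It reproduces what the two Blade echo syntaxes compile to so the difference can be observed with a plain `php` run (PHP 8 or later, no framework). The `$post` record is a constructed sample with a user-supplied `content` field; the function names are hypothetical, and HTML Purifier is treated as optional so the script still runs without it.

```php
<?php
declare(strict_types=1);

// Added example (not code from the Provally rule or from Laravel/Blade).
// Constructed sample input: a record whose `content` field came from a user.
$post = [
    'title'   => 'Hello',
    'content' => 'Nice post <img src=x onerror="alert(document.cookie)"> <b>bold</b>',
];

// `{{ $expr }}` compiles to e($expr), which is htmlspecialchars() with
// ENT_QUOTES | ENT_SUBSTITUTE, UTF-8 and double-encoding enabled.
function bladeEscaped(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', true);
}

// `{!! $expr !!}` compiles to a bare echo: the value reaches the browser as-is.
function bladeRaw(string $value): string
{
    return $value;
}

// strip_tags() with an allow-list keeps every attribute on the allowed tags,
// so an allowed <img> still carries its onerror handler. That is why
// strip_tags() alone is not a dependable XSS sanitizer.
function stripTagsAllowList(string $value): string
{
    return strip_tags($value, '<b><img>');
}

// An allow-list purifier is the right tool when raw HTML must be rendered.
// HTML Purifier (installed separately, e.g. via Composer) is one such library;
// it is optional here so the script runs without it. The directive name
// HTML.Allowed and the classes used are HTML Purifier's own.
function purifyIfAvailable(string $value): ?string
{
    if (!class_exists('HTMLPurifier')) {
        return null;
    }
    $config = HTMLPurifier_Config::createDefault();
    $config->set('HTML.Allowed', 'p,b,i,a[href],img[src|alt]');
    return (new HTMLPurifier($config))->purify($value);
}

printf("raw       : %s\n", bladeRaw($post['content']));          // payload intact
printf("escaped   : %s\n", bladeEscaped($post['content']));      // no tag reaches the DOM
printf("strip_tags: %s\n", stripTagsAllowList($post['content'])); // <img ... onerror=...> survives
printf("purified  : %s\n", purifyIfAvailable($post['content']) ?? '(HTML Purifier not installed)');
```

Running it shows that the raw and `strip_tags` variants both deliver the `onerror` handler to the browser, while the escaped variant emits `&lt;img src=x onerror=&quot;...&quot;&gt;` as inert text. The purifier line is the only path on which rendering with `{!! !!}` is justified, and only for fields that genuinely need markup.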