CVE-2024-47075 Information

Description

LayUI is a native minimalist modular Web UI component library. Versions prior to 2.9.17 have a DOM Clobbering vulnerability that can lead to Cross-site Scripting (XSS) on web pages where attacker-controlled HTML elements (e.g. img tags with unsanitized name attributes) are present. Version 2.9.17 fixes this issue.

Reference

https://github.com/layui/layui/security/advisories/GHSA-j827-6rgf-9629 https://github.com/layui/layui/commit/f756b41d63bf3d488a2cb042918638c9851bf2b0