php · filament/infolists
Heads-up
filament/infolists: Stored XSS via ImageColumn and ImageEntry
ImageColumn and ImageEntry components render raw database values without escaping HTML, leading to a stored XSS vulnerability.
What changed
Before the fix, ImageColumn (tables) and ImageEntry (infolists) inserted the raw database value into the rendered HTML without escaping it. Anyone who can write to the underlying column can therefore store markup or script that executes in the browser of every user who views that table or infolist, which is a stored XSS.
Who it affects
Applications using Filament Infolists (or Tables) that render values an end user can influence through ImageColumn or ImageEntry, in particular image paths or URLs that are accepted from user input without validation.
What to do today
Update to the latest patched version of Filament Infolists; that is the actual fix, since the component now escapes the value itself. As defence in depth, validate or sanitise every value passed to ImageColumn/ImageEntry so that only a storage path or an image URL ever reaches the component. Updating does not clean data already in the database, so also review existing rows in the affected columns for stored payloads.
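The allow-list check below is an added example for this advisory, not code from Filament or from the advisory itself. It accepts either a relative path on the storage disk or an https URL whose path ends in a raster image extension, and replaces anything else with a placeholder so that a stored payload never reaches the component. The sample inputs are constructed, and the `avatarEntry()` wiring assumes the Filament v3 `ImageEntry::make()` and `->getStateUsing()` API; check it against the version you run.

```php
<?php
// Added example (not Filament's own code): an allow-list for values that are
// about to be rendered by ImageColumn/ImageEntry. Only two shapes are allowed:
//   1. a relative path on the storage disk, e.g. "avatars/u42.png"
//   2. an https URL whose path ends in a raster image extension
// Everything else (markup, javascript: URLs, attribute break-outs, traversal)
// is replaced with a placeholder. SVG is deliberately not on the list.
declare(strict_types=1);

function safeImageSource(mixed $value, string $fallback = 'images/placeholder.png'): string
{
    if (!is_string($value) || $value === '') {
        return $fallback;
    }
    // Anything that could break out of an attribute or open a tag is rejected outright.
    if (preg_match('/[<>"\'\s\x00-\x1f]/', $value)) {
        return $fallback;
    }
    $ext = '(?:png|jpe?g|gif|webp|avif)';

    // Shape 1: relative path, no leading slash, no "..", only safe segment characters.
    if (preg_match('#\A(?:[A-Za-z0-9_\-]+/)*[A-Za-z0-9_\-]+\.' . $ext . '\z#i', $value)) {
        return $value;
    }

    // Shape 2: absolute https URL with a host and an image path (query string ignored).
    $parts = parse_url($value);
    if ($parts !== false
        && ($parts['scheme'] ?? '') === 'https'
        && isset($parts['host'], $parts['path'])
        && preg_match('#\.' . $ext . '\z#i', $parts['path'])) {
        return $value;
    }
    return $fallback;
}

// Assumed Filament v3 wiring (hypothetical entry name "avatar_url"): the entry
// state is taken from the validator instead of the raw column.
function avatarEntry(): Filament\Infolists\Components\ImageEntry
{
    return Filament\Infolists\Components\ImageEntry::make('avatar_url')
        ->getStateUsing(fn ($record) => safeImageSource($record->avatar_url));
}

// Constructed inputs: true means the value is passed through unchanged.
$cases = [
    'avatars/u42.png'                           => true,
    'https://cdn.example.com/img/logo.webp'     => true,
    '"><script>alert(document.cookie)</script>' => false,
    'javascript:alert(1)'                       => false,
    'http://cdn.example.com/logo.png'           => false, // plain http is not allowed
    '../../.env'                                => false,
    'x.png" onerror="alert(1)'                  => false,
];
foreach ($cases as $input => $expectSafe) {
    $passedThrough = safeImageSource($input) === $input;
    if ($passedThrough !== $expectSafe) {
        throw new RuntimeException("unexpected result for: $input");
    }
}
echo "all checks passed\n";
```

Run it with `php` on the command line to exercise the constructed cases; `avatarEntry()` is only resolved when called, so the script runs without Filament installed. Keep the check at write time too (form validation on the column), but do not rely on it instead of the upgrade: the escaping belongs in the component.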