CVE-2024-45803 – Cross site scripting (XSS) Vulnerability on route /wireui/button?label=Content in wireui

https://notcve.org/view.php?id=CVE-2024-45803

Wire UI is a library of components and resources to empower Laravel and Livewire application development. A potential Cross-Site Scripting (XSS) vulnerability has been identified in the `/wireui/button` endpoint, specifically through the `label` query parameter. Malicious actors could exploit this vulnerability by injecting JavaScript into the `label` parameter, leading to the execution of arbitrary code in the victim's browser. The `/wireui/button` endpoint dynamically renders button labels based on user-provided input via the `label` query parameter. Due to insufficient sanitization or escaping of this input, an attacker can inject malicious JavaScript. • https://github.com/wireui/wireui/commit/784c4f110e58eb41d0f2bdecd4655ea417f16e7e https://github.com/wireui/wireui/commit/a457654912055f4dcc559da04d4e319f76b80fc5 https://github.com/wireui/wireui/security/advisories/GHSA-rw5h-g8xq-6877 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •