{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-49130", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-06-02T10:39:41.633Z", "datePublished": "2025-06-09T12:49:37.837Z", "dateUpdated": "2025-06-09T14:07:51.774Z"}, "containers": {"cna": {"title": "Laravel Translation Manager Vulnerable to Stored Cross-site Scripting", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/barryvdh/laravel-translation-manager/security/advisories/GHSA-j226-63j7-qrqh", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/barryvdh/laravel-translation-manager/security/advisories/GHSA-j226-63j7-qrqh"}, {"name": "https://github.com/barryvdh/laravel-translation-manager/pull/475", "tags": ["x_refsource_MISC"], "url": "https://github.com/barryvdh/laravel-translation-manager/pull/475"}, {"name": "https://github.com/barryvdh/laravel-translation-manager/commit/527446ed419f90f2319675fc5211cb8f851d7a1f", "tags": ["x_refsource_MISC"], "url": "https://github.com/barryvdh/laravel-translation-manager/commit/527446ed419f90f2319675fc5211cb8f851d7a1f"}, {"name": "https://github.com/barryvdh/laravel-translation-manager/releases/tag/v0.6.8", "tags": ["x_refsource_MISC"], "url": "https://github.com/barryvdh/laravel-translation-manager/releases/tag/v0.6.8"}], "affected": [{"vendor": "barryvdh", "product": "laravel-translation-manager", "versions": [{"version": "< 0.6.8", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-06-09T12:49:37.837Z"}, "descriptions": [{"lang": "en", "value": "Laravel Translation Manager is a package to manage Laravel translation files. Prior to version 0.6.8, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validation and sanitization of user-input data. An attacker can inject arbitrary HTML code, including JavaScript scripts, into the page processed by the user's browser, allowing them to steal sensitive data, hijack user sessions, or conduct other malicious activities. Only authenticated users with access to the translation manager are impacted. The issue is fixed in version 0.6.8."}], "source": {"advisory": "GHSA-j226-63j7-qrqh", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-09T14:07:35.708790Z", "id": "CVE-2025-49130", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-09T14:07:51.774Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-49130", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-09T14:07:35.708790Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-09T14:07:47.944Z"}}], "cna": {"title": "Laravel Translation Manager Vulnerable to Stored Cross-site Scripting", "source": {"advisory": "GHSA-j226-63j7-qrqh", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "NONE"}}], "affected": [{"vendor": "barryvdh", "product": "laravel-translation-manager", "versions": [{"status": "affected", "version": "< 0.6.8"}]}], "references": [{"url": "https://github.com/barryvdh/laravel-translation-manager/security/advisories/GHSA-j226-63j7-qrqh", "name": "https://github.com/barryvdh/laravel-translation-manager/security/advisories/GHSA-j226-63j7-qrqh", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/barryvdh/laravel-translation-manager/pull/475", "name": "https://github.com/barryvdh/laravel-translation-manager/pull/475", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/barryvdh/laravel-translation-manager/commit/527446ed419f90f2319675fc5211cb8f851d7a1f", "name": "https://github.com/barryvdh/laravel-translation-manager/commit/527446ed419f90f2319675fc5211cb8f851d7a1f", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/barryvdh/laravel-translation-manager/releases/tag/v0.6.8", "name": "https://github.com/barryvdh/laravel-translation-manager/releases/tag/v0.6.8", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Laravel Translation Manager is a package to manage Laravel translation files. Prior to version 0.6.8, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validation and sanitization of user-input data. An attacker can inject arbitrary HTML code, including JavaScript scripts, into the page processed by the user's browser, allowing them to steal sensitive data, hijack user sessions, or conduct other malicious activities. Only authenticated users with access to the translation manager are impacted. The issue is fixed in version 0.6.8."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-06-09T12:49:37.837Z"}}}, "cveMetadata": {"cveId": "CVE-2025-49130", "state": "PUBLISHED", "dateUpdated": "2025-06-09T14:07:51.774Z", "dateReserved": "2025-06-02T10:39:41.633Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-06-09T12:49:37.837Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Laravel Translation Manager is a package to manage Laravel translation files. Prior to version 0.6.8, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validation and sanitization of user-input data. An attacker can inject arbitrary HTML code, including JavaScript scripts, into the page processed by the user's browser, allowing them to steal sensitive data, hijack user sessions, or conduct other malicious activities. Only authenticated users with access to the translation manager are impacted. The issue is fixed in version 0.6.8."}, {"lang": "es", "value": "Laravel Translation Manager es un paquete para gestionar los archivos de traducci\u00f3n de Laravel. Antes de la versi\u00f3n 0.6.8, la aplicaci\u00f3n era vulnerable a ataques de Cross-Site Scripting (XSS) debido a la validaci\u00f3n y el saneamiento incorrectos de los datos introducidos por el usuario. Un atacante puede inyectar c\u00f3digo HTML arbitrario, incluyendo scripts JavaScript, en la p\u00e1gina procesada por el navegador del usuario, lo que le permite robar datos confidenciales, secuestrar sesiones de usuario o realizar otras actividades maliciosas. Solo los usuarios autenticados con acceso al gestor de traducci\u00f3n se ven afectados. El problema se solucion\u00f3 en la versi\u00f3n 0.6.8."}], "id": "CVE-2025-49130", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2025-06-09T13:15:23.977", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/barryvdh/laravel-translation-manager/commit/527446ed419f90f2319675fc5211cb8f851d7a1f"}, {"source": "security-advisories@github.com", "url": "https://github.com/barryvdh/laravel-translation-manager/pull/475"}, {"source": "security-advisories@github.com", "url": "https://github.com/barryvdh/laravel-translation-manager/releases/tag/v0.6.8"}, {"source": "security-advisories@github.com", "url": "https://github.com/barryvdh/laravel-translation-manager/security/advisories/GHSA-j226-63j7-qrqh"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}