Vulnerability Database

309,587

Total vulnerabilities in the database

CVE-2025-26159

Laravel Starter 11.11.0 is vulnerable to Cross Site Scripting (XSS) in the tags feature. Any user with the ability of create or modify tags can inject malicious JavaScript code in the name field.

Published: Apr 22, 2025
Updated: Nov 24, 2025
CVE: CVE-2025-26159
GHSA: GHSA-fpx3-h2pc-88vf
Severity: Medium
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
nasirkhan / laravel-starter	-	11.11.0

https://github.com/nasirkhan/laravel-starter
https://godbadtry.github.io/posts/CVE-2025-26159
https://godbadtry.github.io/posts/CVE-2025-26159/

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo