Approved changes feed: RSS · Atom

cpe:2.3:a:alexusmai:laravel_file_manager:3.3.1:*:*:*:*:*:*:*

part: a version: 3.3.1 update: *

VendorAlexusmai (ed2259f4-31f4-5b08-b73b-20ee020d9144)
ProductLaravel File Manager (f875fc00-fa1f-569c-8de3-894119fa3d0a)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from purl2cpe mapping

PURL mappings

PURLSourceLast updated
pkg:composer/alexusmai/laravel-file-manager purl2cpe 2026-06-01 10:12:01.371216
pkg:github/alexusmai/laravel-file-manager purl2cpe 2026-06-01 10:12:01.371218

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2025-63307 vulnerable 2026-06-08 07:39:17.523290 Details available
alexusmai laravel-file-manager 3.3.1 is vulnerable to Cross Site Scripting (XSS). The application permits user-controlled upload, create, and rename of files to HTML and SVG types and serves those files inline without adequate content-type validation or output sanitization.
Published: 2025-11-06T00:00:00.000Z
Updated: 2025-11-06T19:08:37.837Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.