CVE-2025-49130 MEDIUM

CVE-2025-49130: Laravel Translation Manager Vulnerable to Stored Cross-site Scripting

Vendor Barryvdh

Product laravel-translation-manager

Weakness CWE-79 · XSS

Published June 9, 2025

Last update June 9, 2025

View on NVD All CVEs

CVSS base score

6.0/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N

What the vulnerability does

Description

Laravel Translation Manager is a package to manage Laravel translation files. Prior to version 0.6.8, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validation and sanitization of user-input data. An attacker can inject arbitrary HTML code, including JavaScript scripts, into the page processed by the user's browser, allowing them to steal sensitive data, hijack user sessions, or conduct other malicious activities. Only authenticated users with access to the translation manager are impacted. The issue is fixed in version 0.6.8.

Key dates

Disclosure timeline

June 9, 2025 CVE published

June 9, 2025 Record updated