{"cve_id":"CVE-2022-31114","summary":"backpack/crud provides Create, Read, Update & Delete (CRUD) functions for Backpack, a collection of Laravel packages that help users build custom administration panels. Versions prior to 5.0.13, 4.1.69, and 4.0.63 are vulnerable to cross-site scripting. An attacker could conduct a targeted phishing campaign, in order to trick users or admins into clicking a malicious link, which under very specific circumstances could give them information or possibly admin access. Versions 5.0.13, 4.1.69, and 4.0.63 patch the issue. As a workaround, manually look inside error views in `resources/views/errors` and output `e($exception->getMessage())` instead of `$exception->getMessage()`.","cvss":5.1,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":5.1,"epss":0.00062,"ranking_epss":0.19485,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/Laravel-Backpack/CRUD/security/advisories/GHSA-m8xx-3x29-84h8"],"cpes":[],"published_time":"2026-06-03T16:16:18","euvd":{"id":"EUVD-2022-55999","description":"backpack/crud provides Create, Read, Update & Delete (CRUD) functions for Backpack, a collection of Laravel packages that help users build custom administration panels. Versions prior to 5.0.13, 4.1.69, and 4.0.63 are vulnerable to cross-site scripting. An attacker could conduct a targeted phishing campaign, in order to trick users or admins into clicking a malicious link, which under very specific circumstances could give them information or possibly admin access. Versions 5.0.13, 4.1.69, and 4.0.63 patch the issue. As a workaround, manually look inside error views in `resources/views/errors` and output `e($exception->getMessage())` instead of `$exception->getMessage()`.","published_time":"2026-06-03T14:41:41","cvss":5.1,"cvss_version":"4.0","epss":0.0005,"assigner":"GitHub_M","references":["https://github.com/Laravel-Backpack/CRUD/security/advisories/GHSA-m8xx-3x29-84h8"],"products":["CRUD","CRUD","CRUD"],"vendors":["Laravel-Backpack"]}}