{"id":"CVE-2022-31114","summary":"backpack/crud Vulnerable to Cross-site Scripting","details":"backpack/crud provides Create, Read, Update & Delete (CRUD) functions for Backpack, a collection of Laravel packages that help users build custom administration panels. Versions prior to 5.0.13, 4.1.69, and 4.0.63 are vulnerable to cross-site scripting. An attacker could conduct a targeted phishing campaign to trick users or admins into clicking a malicious link, which under very specific circumstances could give the attacker information or possibly admin access. Versions 5.0.13, 4.1.69, and 4.0.63 patch the issue. As a workaround, manually look inside error views in `resources/views/errors` and output `e($exception-\u003egetMessage())` instead of `$exception-\u003egetMessage()`.","aliases":["GHSA-m8xx-3x29-84h8"],"modified":"2026-06-18T03:56:37.439447617Z","published":"2026-06-03T14:41:41.395Z","database_specific":{"cna_assigner":"GitHub_M","cwe_ids":["CWE-79"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/31xxx/CVE-2022-31114.json"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/31xxx/CVE-2022-31114.json"},{"type":"ADVISORY","url":"https://github.com/Laravel-Backpack/CRUD/security/advisories/GHSA-m8xx-3x29-84h8"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31114"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/laravel-backpack/crud","events":[{"introduced":"c4eb4aeb55dfaf29ecd3f5e0e35ba4321d9c004a"},{"fixed":"d78f4263f5eef1e7761ba2d55d81959f4de559b6"},{"introduced":"0a71ac74489312835948a250ab6db709fbbb9451"},{"fixed":"248e2e034cedcffe01732cdce01fb3d1ecad9ffa"},{"introduced":"0"},{"fixed":"61c989db281d8e3ee184bb6a6f54912d7e1531e7"}],"database_specific":{"extracted_events":[{"introduced":"5.0.0"},{"fixed":"5.0.13"},{"introduced":"4.0.0"},{"fixed":"4.1.69"},{"introduced":"0"},{"fixed":"4.0.63"}],"source":"AFFECTED_FIELD"}}],"versions":["4.0.62","4.1.68","4.1.67","4.0.61","5.0.12","5.0.11","5.0.10","5.0.9","4.1.66","5.0.8","5.0.7","5.0.6","5.0.5","5.0.4","5.0.3","5.0.2","5.0.0","4.1.65","4.1.64","4.1.63","4.1.62","4.1.61","4.1.58","4.1.60","4.1.59","4.1.57","4.1.56","4.1.55","4.1.54","4.1.53","4.1.52","4.1.51","4.1.50","4.1.49","4.1.48","4.1.47","4.1.46","4.1.45","4.1.43","4.1.44","4.1.42","4.1.41","4.1.40","4.1.39","4.1.38","4.1.37","4.1.36","4.1.35","4.1.34","4.1.33","4.1.32","4.1.31","4.1.30","4.1.29","4.1.28","4.1.27","4.1.26","4.1.25","4.1.24","4.1.23","4.1.22","4.1.21","4.1.20","4.1.19","4.1.18","4.1.17","4.1.16","4.1.14","4.1.13","4.1.12","4.1.11","4.1.10","4.1.9","4.1.8","4.1.7","4.1.4","4.1.6","4.1.5","4.1.3","4.1.2","4.1.1","4.0.60","4.0.59","4.0.58","4.0.57","4.0.56","4.0.55","4.0.54","4.0.48","4.0.53","4.0.52","4.0.51","4.0.50","4.0.49","v4.0.46","4.0.45","4.0.44","4.0.43","4.0.42","4.0.41","4.0.40","4.0.38","4.0.37","4.0.36","4.0.35","4.0.34","4.0.33","4.0.32","4.0.31","4.0.9","4.0.30","4.0.29","4.0.28","4.0.27","4.0.26","4.0.25","4.0.24","4.0.23","4.0.22","4.0.21","4.0.20","4.0.13","4.0.12","4.0.11","4.0.10","4.0.8","4.0.7","4.0.6","4.0.5","4.0.3","4.0.2","4.0.1","4.0.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-31114.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"}]}