Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2024-2817 | LayUI is a native minimalist modular Web UI component library. Versions prior to 2.9.17 have a DOM Clobbering vulnerability that can lead to Cross-site Scripting (XSS) on web pages where attacker-controlled HTML elements (e.g., `img` tags with unsanitized `name` attributes) are present. Version 2.9.17 fixes this issue. |
Github GHSA |
GHSA-j827-6rgf-9629 | Layui has DOM Clobbering gadgets that leads to Cross-site Scripting |
Fri, 15 Aug 2025 14:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:2.3:a:layui:layui:*:*:*:*:*:*:*:* |
Sun, 13 Jul 2025 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
epss
|
epss
|
Thu, 26 Sep 2024 18:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Thu, 26 Sep 2024 17:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | LayUI is a native minimalist modular Web UI component library. Versions prior to 2.9.17 have a DOM Clobbering vulnerability that can lead to Cross-site Scripting (XSS) on web pages where attacker-controlled HTML elements (e.g., `img` tags with unsanitized `name` attributes) are present. Version 2.9.17 fixes this issue. | |
| Title | DOM Clobbering gadgets found in layui that lead to Cross-site Scripting | |
| Weaknesses | CWE-79 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2024-09-26T18:06:22.177Z
Reserved: 2024-09-17T17:42:37.029Z
Link: CVE-2024-47075
Updated: 2024-09-26T18:06:06.699Z
Status : Analyzed
Published: 2024-09-26T18:15:08.757
Modified: 2026-06-17T07:56:30.017
Link: CVE-2024-47075
No data.
OpenCVE Enrichment
Updated: 2025-07-13T11:22:46Z
EUVD
Github GHSA