Security: XSS Vulnerability in Media Library Templates

## 🚨 Security: XSS Vulnerability in Media Library Templates

### **Severity:** High
### **Type:** Cross-Site Scripting (XSS)

### **Description**
The media library Blade templates contain XSS vulnerabilities due to unescaped output of the `$attributeString` variable using `{!! !!}` syntax.

### **Affected Files**
- [resources/views/vendor/media-library/image.blade.php](cci:7://file:///c:/laragon/www/Adminer/resources/views/vendor/media-library/image.blade.php:0:0-0:0)
- `resources/views/vendor/media-library/responsiveImage.blade.php`
- `resources/views/vendor/media-library/responsiveImageWithPlaceholder.blade.php`

### **Vulnerable Code**
```blade
<img{!! $attributeString !!}[if($loadingAttributeValue)](cci:4://file://if($loadingAttributeValue):0:0-0:0) loading="{{ $loadingAttributeValue }}"[endif](cci:4://file://endif:0:0-0:0) src="{{ $media->getUrl($conversion) }}" alt="{{ $media->name }}">

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Security: XSS Vulnerability in Media Library Templates #3865

🚨 Security: XSS Vulnerability in Media Library Templates

Severity: High

Type: Cross-Site Scripting (XSS)

Description

Affected Files

Vulnerable Code

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

Security: XSS Vulnerability in Media Library Templates #3865

Description

🚨 Security: XSS Vulnerability in Media Library Templates

Severity: High

Type: Cross-Site Scripting (XSS)

Description

Affected Files

Vulnerable Code

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions