CVE-2022-31114

UNKNOWN 0.0

backpack/crud Vulnerable to Cross-site Scripting

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

backpack/crud provides Create, Read, Update & Delete (CRUD) functions for Backpack, a collection of Laravel packages that help users build custom administration panels. Versions prior to 5.0.13, 4.1.69, and 4.0.63 are vulnerable to cross-site scripting. An attacker could conduct a targeted phishing campaign, in order to trick users or admins into clicking a malicious link, which under very specific circumstances could give them information or possibly admin access. Versions 5.0.13, 4.1.69, and 4.0.63 patch the issue. As a workaround, manually look inside error views in `resources/views/errors` and output `e($exception->getMessage())` instead of `$exception->getMessage()`.

CWE	CWE-79
Vendor	laravel-backpack
Product	crud
Published	Jun 3, 2026
Last Updated	Jun 3, 2026

Stay Ahead of the Next One

Get instant alerts for laravel-backpack crud

Be the first to know when new unknown vulnerabilities affecting laravel-backpack crud are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Laravel-Backpack / CRUD

>= 5.0.0, < 5.0.13 >= 4.0.0, < 4.1.69 < 4.0.63

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/Laravel-Backpack/CRUD/security/advisories/GHSA-m8xx-3x29-84h8