CVE-2026-48157— slimphp Slim 跨站脚本漏洞

Slim has Reflected XSS in the HtmlErrorRenderer

Slim is a PHP micro framework that enables users to write simple web applications and APIs. In versions 4.4.0 through 4.15, if an application uses HttpException::setTitle() and/or setDescription() to include untrusted/request-derived data in the error title or description (e.g. "No products found matching '{$query}'."), an attacker could inject arbitrary HTML/JavaScript that executes in the victim's browser when they encounter an HTML error page generated by Slim. The vulnerability is present even with displayErrorDetails = false as the unescaped title and description are rendered on this error path. Built-in exceptions (HttpNotFoundException, HttpBadRequestException, etc.) ship plain-text defaults, so a vanilla Slim app with no user code is not exploitable. Only applications that feed untrusted data into setTitle() and/or setDescription() are affected. The issue has been fixed in 4.15.2. If developers are unable to immediately update their applications, they can work around this issue by avoiding passing untrusted/request-derived data into HttpException::setTitle() and setDescription() and using static, plain-text error copy instead. They should also register a custom error renderer (an ErrorRendererInterface implementation, or a subclass of HtmlErrorRenderer that escapes the title and description) for the HTML media type.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

slimphp Slim 跨站脚本漏洞

slimphp Slim是slimphp的一个轻量级PHP开发框架。 Slim 4.4.0版本至4.15.2之前版本存在跨站脚本漏洞，该漏洞源于当应用使用HttpException::setTitle()或setDescription()包含未验证/请求数据时，未转义数据在HTML错误页面中被渲染，可能导致攻击者注入任意HTML/JavaScript。

N/A

N/A