Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package layui, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (3)
CVE-2024-47075 — CVSS 6.4 (medium): LayUI is a native minimalist modular Web UI component library. Versions prior to 2.9.17 have a DOM Clobbering vulnerability that can lead…
CVE-2023-50550 — CVSS 5.4 (medium): layui up to v2.74 was discovered to contain a cross-site scripting (XSS) vulnerability via the data-content parameter.
CVE-2023-3691 — CVSS 3.5 (low): A vulnerability, which was classified as problematic, was found in layui up to v2.8.0-rc.16. This affects an unknown part of the component…