CVE-2024-47186

6.1 MEDIUM

📋 TL;DR

This CVE describes a cross-site scripting (XSS) vulnerability in Filament, a Laravel development component collection. Attackers can inject malicious scripts via ColorColumn or ColumnEntry values, which execute when users view affected pages. All Filament users running versions 3.0.0 through 3.2.114 are vulnerable.

💻 Affected Systems

Products:
  • Filament
Versions: v3.0.0 through v3.2.114
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects applications using ColorColumn or ColumnEntry components with untrusted input.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers steal session cookies, perform actions as authenticated users, or redirect to malicious sites, potentially leading to account compromise and data theft.

🟠 Likely Case

Attackers inject malicious scripts to steal session tokens or user data from users viewing vulnerable pages.

🟢 If Mitigated

With proper input validation and output encoding, the impact is limited to failed injection attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires the ability to inject malicious values into ColorColumn or ColumnEntry fields, which typically requires some level of application access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v3.2.115

Vendor Advisory: https://github.com/filamentphp/filament/security/advisories/GHSA-9h9q-qhxg-89xr

Restart Required: No

Instructions:

1. Update Filament to v3.2.115 or later via Composer: composer require filament/filament:"^3.2.115"
2. Run composer update
3. Clear Laravel cache: php artisan cache:clear

🔧 Temporary Workarounds

Input Validation (all)

Implement strict input validation for all values passed to ColorColumn and ColumnEntry components.

Output Encoding (all)

Apply proper HTML encoding to all user-controlled data before rendering in ColorColumn or ColumnEntry.

🧯 If You Can't Patch

  • Implement Content Security Policy (CSP) headers to restrict script execution
  • Disable or restrict access to vulnerable pages containing ColorColumn or ColumnEntry components

🔍 How to Verify

Check if Vulnerable:

Check composer.json or run: composer show filament/filament | grep version

Check Version:

composer show filament/filament | grep version

Verify Fix Applied:

Confirm version is v3.2.115 or higher: composer show filament/filament | grep version
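The version check above, as an added example script that is not part of this advisory or of the Filament project. It assumes that `composer show filament/filament` is run from the Laravel project root and prints a line of the form `versions : * v3.2.114`; the comparison itself is pure POSIX sh, so it can also be applied to a version string taken from composer.lock or a CI inventory.

```shell
#!/bin/sh
# Added example (not from the advisory): decide whether an installed
# filament/filament version is at or above the patched release v3.2.115.

FIXED_VERSION="v3.2.115"

# version_ge A B: returns 0 (true) when A >= B, comparing the numeric
# major.minor.patch parts. A leading "v" is ignored; a pre-release suffix
# such as "-beta1" is dropped, so such a tag compares as its base version.
version_ge() {
    a=${1#v}; a=${a%%-*}
    b=${2#v}; b=${b%%-*}
    oldifs=$IFS; IFS=.
    set -- $a; a1=${1:-0}; a2=${2:-0}; a3=${3:-0}
    set -- $b; b1=${1:-0}; b2=${2:-0}; b3=${3:-0}
    IFS=$oldifs
    [ "$a1" -ne "$b1" ] && { [ "$a1" -gt "$b1" ]; return; }
    [ "$a2" -ne "$b2" ] && { [ "$a2" -gt "$b2" ]; return; }
    [ "$a3" -ge "$b3" ]
}

# version_is_patched V: true when V carries the fix for CVE-2024-47186.
version_is_patched() {
    version_ge "$1" "$FIXED_VERSION"
}

# check_installed: reads the installed version from composer (assumed to be
# on PATH, run from the project root) and prints a verdict.
# Exit status: 0 patched, 1 vulnerable, 2 package not found.
check_installed() {
    installed=$(composer show filament/filament 2>/dev/null | awk '/^versions/ {print $NF}')
    if [ -z "$installed" ]; then
        echo "filament/filament not found (not installed, or composer not on PATH)"
        return 2
    fi
    if version_is_patched "$installed"; then
        echo "OK: filament/filament $installed is at or above $FIXED_VERSION"
    else
        echo "VULNERABLE: filament/filament $installed is below $FIXED_VERSION (CVE-2024-47186)"
        return 1
    fi
}

# Usage: sh check_filament.sh --check   (from the Laravel project root)
if [ "${1:-}" = "--check" ]; then
    check_installed
fi
```

The comparison is done field by field rather than with `sort -V` so that it behaves the same on BSD and GNU userlands; the non-zero exit status on a vulnerable version lets the script gate a CI job.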

📡 Detection & Monitoring

Log Indicators:

  • Unusual characters in ColorColumn/ColumnEntry values
  • Multiple failed validation attempts on color/column fields

Network Indicators:

  • Script tags or JavaScript in HTTP POST parameters to Filament endpoints

SIEM Query:

source="web_logs" AND ("ColorColumn" OR "ColumnEntry") AND ("<script>" OR "javascript:")
