GHSA-hwmc-r6mf-jh83LowDisclosed before NVD
Schema.org has cross-site scripting (XSS) via script break-out in toScript() output
📋 Description
Schema.org has a cross-site scripting (XSS) vulnerability via script break-out in toScript() output.
🎯 Affected products2
- composer/spatie/schema-org:>= 3.23.1, < 3.23.2
- composer/spatie/schema-org:>= 4.0.0, < 4.0.2
🔗 References (5)
- https://github.com/spatie/schema-org/pull/242
- https://github.com/spatie/schema-org/commit/be389b4759214c11cc1364a16e34a929c5af5a88
- https://github.com/FriendsOfPHP/security-advisories/blob/master/spatie/schema-org/2026-04-20.yaml
- https://github.com/spatie/schema-org/releases/tag/4.0.2
- https://github.com/advisories/GHSA-hwmc-r6mf-jh83