MEDIUM
slimphp
CVE published 2026-06-15
CVE-2026-48157
CVE-2026-48157 is a Medium-severity vulnerability (CVSS Score: 6.1) affecting the Slim PHP micro framework, specifically versions 4.4.0 through 4.15. An attacker can inject arbitrary HTML/JavaScript into error pages generated by Slim if an application uses HttpException::setTitle() and/or setDescription() with untrusted/request-derived data. This issue is present even when displayErrorDetails is set to fa [truncated]