LOW
GHSA-hwmc-r6mf-jh83
Schema.org has cross-site scripting (XSS) via script break-out in toScript() output
Details
Schema.org has a cross-site scripting (XSS) vulnerability via script break-out in toScript() output.
Are you affected?
Enter the version of the package you're using.
Affected packages
Packagist / spatie/schema-org
Introduced in:
3.23.1 Fixed in: 3.23.2 Fix
composer require spatie/schema-org:^3.23.2 Packagist / spatie/schema-org
Introduced in:
4.0.0 Fixed in: 4.0.2 Fix
composer require spatie/schema-org:^4.0.2 References
- https://github.com/spatie/schema-org/pull/242 [WEB]
- https://github.com/spatie/schema-org/commit/be389b4759214c11cc1364a16e34a929c5af5a88 [WEB]
- https://github.com/FriendsOfPHP/security-advisories/blob/master/spatie/schema-org/2026-04-20.yaml [WEB]
- https://github.com/spatie/schema-org [PACKAGE]
- https://github.com/spatie/schema-org/releases/tag/4.0.2 [WEB]