112 matches found
shopper 安全漏洞
Shopper is an open-source e-commerce management backend developed by Shopper Labs. Versions of Shopper prior to 2.8.0 contained security vulnerabilities. These vulnerabilities stemmed from the fact that multiple Filament operations listed in administrator order details and order shipping tables...
CVE-2026-33080
Filament is a collection of full-stack components for accelerated Laravel development. Versions 4.0.0 through 4.8.4 and 5.0.0 through 5.3.4 have two Filament Table summarizers Range, Values that render raw database values without escaping HTML. If there is a lack of validation for the data in the...
CVE-2026-33080
Filament is a collection of full-stack components for accelerated Laravel development. Versions 4.0.0 through 4.8.4 and 5.0.0 through 5.3.4 have two Filament Table summarizers Range, Values that render raw database values without escaping HTML. If there is a lack of validation for the data in the...
CVE-2026-33080
Filament (Laravel) has a stored XSS risk in the Table summarizers Range and Values. Affected versions: 4.0.0–4.8.4 and 5.0.0–5.3.4 render raw database values without escaping HTML, enabling malicious HTML/JavaScript in unvalidated data shown by those summarizers. Remediation: upgrade to 4.8.5 or ...
CVE-2026-33080
Filament is a collection of full-stack components for accelerated Laravel development. Versions 4.0.0 through 4.8.4 and 5.0.0 through 5.3.4 have two Filament Table summarizers Range, Values that render raw database values without escaping HTML. If there is a lack of validation for the data in the...
CVE-2026-33080 Filament: Unvalidated Range and Values summarizer values can be used for XSS
Filament is a collection of full-stack components for accelerated Laravel development. Versions 4.0.0 through 4.8.4 and 5.0.0 through 5.3.4 have two Filament Table summarizers Range, Values that render raw database values without escaping HTML. If there is a lack of validation for the data in the...
CVE-2026-33080 Filament: Unvalidated Range and Values summarizer values can be used for XSS
Filament is a collection of full-stack components for accelerated Laravel development. Versions 4.0.0 through 4.8.4 and 5.0.0 through 5.3.4 have two Filament Table summarizers Range, Values that render raw database values without escaping HTML. If there is a lack of validation for the data in the...
CVE-2026-33080 Filament: Unvalidated Range and Values summarizer values can be used for XSS
Filament is a collection of full-stack components for accelerated Laravel development. Versions 4.0.0 through 4.8.4 and 5.0.0 through 5.3.4 have two Filament Table summarizers Range, Values that render raw database values without escaping HTML. If there is a lack of validation for the data in the...
Filament 安全漏洞
Filament is a set of open-source full-stack components developed by Filament, designed to accelerate Laravel development. Versions 4.0.0 to 4.8.4, as well as 5.0.0 to 5.3.4, have security vulnerabilities. These vulnerabilities stem from two Filament Table summarizers not being escaped HTML...
GHSA-VV3X-J2X5-36JC Filament Unvalidated Range and Values summarizer values can be used for XSS
Two Filament Table summarizers Range, Values render raw database values without escaping HTML. If there is a lack of validation for the data in the columns that use these summarizers, an attacker could plant malicious HTML / JavaScript and achieve stored XSS that executes for users who view the...
Filament Unvalidated Range and Values summarizer values can be used for XSS
Two Filament Table summarizers Range, Values render raw database values without escaping HTML. If there is a lack of validation for the data in the columns that use these summarizers, an attacker could plant malicious HTML / JavaScript and achieve stored XSS that executes for users who view the...
PT-2026-26189
Filament is a collection of full-stack components for accelerated Laravel development. Versions 4.0.0 through 4.8.4 and 5.0.0 through 5.3.4 have two Filament Table summarizers Range, Values that render raw database values without escaping HTML. If there is a lack of validation for the data in the...
Improper Authentication Control
Filament is vulnerable to improper authentication control. The vulnerability is due to improper handling of app-based MFA recovery codes, which allows an attacker to reuse the same recovery code indefinitely to bypass authentication...
CVE-2025-67507
Filament is a collection of full-stack components for accelerated Laravel development. Versions 4.0.0 through 4.3.0 contain a flaw in the handling of recovery codes for app-based multi-factor authentication, allowing the same recovery code to be reused indefinitely. This issue does not affect...
Authentication Bypass Using an Alternate Path or Channel
Overview filament/filament is an A collection of full-stack components for accelerated Laravel app development. Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel due to the handling of recovery codes for app-based multi-factor...
CVE-2025-67507
Filament is a collection of full-stack components for accelerated Laravel development. Versions 4.0.0 through 4.3.0 contain a flaw in the handling of recovery codes for app-based multi-factor authentication, allowing the same recovery code to be reused indefinitely. This issue does not affect...
CVE-2025-67507 Filament's multi-factor authentication (app) recovery codes can be used multiple times
Filament is a collection of full-stack components for accelerated Laravel development. Versions 4.0.0 through 4.3.0 contain a flaw in the handling of recovery codes for app-based multi-factor authentication, allowing the same recovery code to be reused indefinitely. This issue does not affect...
CVE-2025-67507 Filament's multi-factor authentication (app) recovery codes can be used multiple times
Filament is a collection of full-stack components for accelerated Laravel development. Versions 4.0.0 through 4.3.0 contain a flaw in the handling of recovery codes for app-based multi-factor authentication, allowing the same recovery code to be reused indefinitely. This issue does not affect...
CVE-2025-67507
CVE-2025-67507 affects Filament versions 4.0.0 through 4.3.0. The vulnerability arises in the handling of app-based multi-factor authentication recovery codes, allowing the same recovery code to be reused indefinitely when recovery codes are enabled (email-based MFA is unaffected). Root cause: im...
EUVD-2025-202172
Filament is a collection of full-stack components for accelerated Laravel development. Versions 4.0.0 through 4.3.0 contain a flaw in the handling of recovery codes for app-based multi-factor authentication, allowing the same recovery code to be reused indefinitely. This issue does not affect...