CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/02/19 8:30 p.m.•3 views

GHSA-8R7R-F4GM-WCPQ Statamic affected by privilege escalation via stored cross-site scripting

Impact Stored XSS vulnerability in html fieldtypes allow authenticated users with field management permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. Patches This has been fixed in 6.3.2 and 5.73.9...

8.1CVSS5.5AI score0.0028EPSS

Exploits0References5

RedhatCVE•added 2026/02/13 1:30 a.m.•6 views

CVE-2026-25633

Statamic is a, Laravel + Git powered CMS designed for building websites. Prior to 5.73.6 and 6.2.5, users without permission to view assets are able are able to download them and view their metadata. Logged-out users and users without permission to access the control panel are unable to take...

RedhatCVE•added 2026/02/13 1:30 a.m.•8 views

Exploits0References1

CVE-2026-25759

Statmatic is a Laravel and Git powered content management system CMS. From 6.0.0 to before 6.2.3, a stored XSS vulnerability in content titles allows authenticated users with content creation permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. Maliciou...

NVD•added 2026/02/11 9:16 p.m.•10 views

Exploits0References1

CVE-2026-25633

4.3CVSS0.00285EPSS

Vulnrichment•added 2026/02/11 8:37 p.m.•5 views

CVE-2026-25759 Statmatic affected by privilege escalation via stored cross-site scripting

CVE•added 2026/02/11 8:37 p.m.•12 views

CVE-2026-25759

CVE-2026-25759 affects Statamic CMS (Laravel/Git-based). From version 6.0.0 up to, but not including, 6.2.3, there is a stored XSS in content titles. An authenticated user with content-creation permissions (and control-panel access) can inject JavaScript that executes for higher-privileged users,...

Exploits0References3Affected Software1

Cvelist•added 2026/02/11 8:37 p.m.•22 views

CVE-2026-25759 Statmatic affected by privilege escalation via stored cross-site scripting

8.7CVSS0.00293EPSS

Cvelist•added 2026/02/11 8:33 p.m.•23 views

CVE-2026-25633 Statamic's missing authorization allows access to assets

4.3CVSS0.00285EPSS

Vulnrichment•added 2026/02/11 8:33 p.m.•2 views

CVE-2026-25633 Statamic's missing authorization allows access to assets

OSV•added 2026/02/11 8:33 p.m.•6 views

CVE-2026-25633 Statamic's missing authorization allows access to assets

CVE•added 2026/02/11 8:33 p.m.•10 views

Exploits0References6

CVE-2026-25633

Statamic CMS (Laravel + Git) contained an authorization flaw: before versions 5.73.6 and 6.2.5, users without permission to view assets could download assets and view their metadata. Logged-out users and users without control-panel access were not able to exploit this according to the report, but...

Exploits0References4Affected Software1

Github Security Blog•added 2026/02/11 6:17 p.m.•5 views

Statamic CMS vulnerable to privilege escalation via stored cross-site scripting

Impact Stored XSS vulnerability in content titles allow authenticated users with content creation permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. Malicious user must have an account with control panel access and content creation permissions. This...

Exploits0References5Affected Software1

OSV•added 2026/02/11 4:53 p.m.•6 views

GHSA-GWMX-9GCJ-332H Statamic CMS's missing authorization allows access to assets

Impact Users without permission to view assets are able are able to download them and view their metadata. Logged-out users and users without permission to access the control panel are unable to take advantage of this. Patches This has been fixed in 5.73.6 and 6.2.5...

Github Security Blog•added 2026/02/11 4:53 p.m.•4 views

Exploits0References7

Statamic CMS's missing authorization allows access to assets

Exploits0References7Affected Software1

Snyk•added 2026/02/11 4:53 p.m.•5 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization due to a missing authorization that allows access to assets. An attacker can access and download sensitive files and view their metadata by sending requests as an authenticated user without the necessary permission...

5.3CVSS5.6AI score0.00285EPSS

Exploits0References2

CNNVD•added 2026/02/11 12:0 a.m.•36 views

Statamic 跨站脚本漏洞

Statamic is a powerful flat-file CMS built using Laravel by Statamic Inc. It allows for storing all content, templates, assets, and settings in files rather than in a database. Versions of Statamic 6.0.0 to 6.2.3 had a cross-site scripting vulnerability, which originated from stored cross-site...

8.7CVSS5.7AI score0.00293EPSS

CNNVD•added 2026/02/11 12:0 a.m.•5 views

Statamic 安全漏洞

Statamic is a powerful flat-file CMS built using Laravel by Statamic Inc. It allows for storing all content, templates, assets, and settings in files rather than in a database. There were security vulnerabilities in versions of Statamic 5.73.6 and 6.2.5, which stemmed from improper access control...

4.3CVSS5.8AI score0.00285EPSS

Positive Technologies•added 2026/02/11 12:0 a.m.•5 views

PT-2026-7664

Name of the Vulnerable Software and Affected Versions Statamic versions prior to 5.73.6 Statamic versions prior to 6.2.5 Description Statamic is a Laravel and Git powered CMS designed for building websites. Users without the necessary permissions to view assets are able to download them and view...