
343 matches found

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2022-2617

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 8.6 · EPSS 0.00867
Exploits 0 · References 3
RedhatCVE
added 2025/08/10 12:15 a.m. · 12 views

CVE-2020-9322

The /users endpoint in Statamic Core before 2.11.8 allows XSS to add an administrator user. This can be exploited via CSRF. Stored XSS can occur via a JavaScript payload in a username during account registration. Reflected XSS can occur via the /users PATHINFO...

CVSS 8.8 · AI score 5.6 · EPSS 0.00238
Exploits 0 · References 1
CNNVD
added 2025/08/08 12:0 a.m. · 1 view

Statamic Core security vulnerability

Statamic Core is a core component of a content management system from US-based Statamic. A security vulnerability exists in versions of Statamic Core prior to 2.11.8 that stems from the /users endpoint not properly validating input, which could lead to a cross-site scripting attack...

CVSS 8.8 · AI score 5.9 · EPSS 0.00238
Exploits 0 · References 4
Positive Technologies
added 2025/08/08 12:0 a.m. · 6 views

PT-2025-32359 · Unknown · Statamic Core

Name of the Vulnerable Software and Affected Versions: Statamic Core versions prior to 2.11.8
Description: The /users endpoint is susceptible to cross-site scripting (XSS), potentially allowing an attacker to add an administrator user. Exploitation can occur through Cross-Site Request Forgery (CSRF)...

CVSS 8.8 · AI score 5.8 · EPSS 0.00238
Exploits 0 · References 6
Cvelist
added 2025/08/08 12:0 a.m. · 9 views

CVE-2020-9322

The /users endpoint in Statamic Core before 2.11.8 allows XSS to add an administrator user. This can be exploited via CSRF. Stored XSS can occur via a JavaScript payload in a username during account registration. Reflected XSS can occur via the /users PATHINFO...

EPSS 0.00238
Exploits 0 · References 3
Vulnrichment
added 2025/08/08 12:0 a.m. · 3 views

CVE-2020-9322

The /users endpoint in Statamic Core before 2.11.8 allows XSS to add an administrator user. This can be exploited via CSRF. Stored XSS can occur via a JavaScript payload in a username during account registration. Reflected XSS can occur via the /users PATHINFO...

AI score 5.4 · EPSS 0.00238
Exploits 0 · References 3
CVE
added 2025/08/08 12:0 a.m. · 15 views

CVE-2020-9322

Statamic Core prior to 2.11.8 exposes a cross-site scripting (XSS) vulnerability via the /users endpoint. This can be exploited through CSRF to create an administrator user. Stored XSS is possible when a JavaScript payload is placed in the username during account registration, and reflected XSS c...

CVSS 8.8 · AI score 5.5 · EPSS 0.00238
Exploits 0 · References 3
RedhatCVE
added 2025/05/23 4:22 a.m. · 19 views

CVE-2023-48701

Statamic CMS is a Laravel and Git powered content management system (CMS). Prior to versions 3.4.15 and 4.36.0, HTML files crafted to look like images may be uploaded regardless of mime validation. This is only applicable on front-end forms using the "Forms" feature containing an assets field, or...

CVSS 7.5 · AI score 6.6 · EPSS 0.007
Exploits 0
RedhatCVE
added 2025/05/23 4:16 a.m. · 5 views

CVE-2023-48217

Statamic is a flat-first, Laravel + Git powered CMS designed for building websites. In affected versions certain additional PHP files crafted to look like images may be uploaded regardless of mime type validation rules. This affects front-end forms using the "Forms" feature, and asset upload fiel...

CVSS 8.8 · AI score 6.9 · EPSS 0.01104
Exploits 0
RedhatCVE
added 2025/05/23 4:2 a.m. · 6 views

CVE-2023-36828

Statamic is a flat-first, Laravel and Git powered content management system. Prior to version 4.10.0, the SVG tag does not sanitize malicious SVG. Therefore, an attacker can exploit this vulnerability to perform cross-site scripting attacks using SVG, even when using the sanitize function. Versio...

CVSS 5.5 · AI score 6.1 · EPSS 0.0055
Exploits 1 · References 1
RedhatCVE
added 2025/02/05 2:20 a.m. · 4 views

CVE-2024-24570

Statamic is a Laravel and Git powered CMS. HTML files crafted to look like jpg files are able to be uploaded, allowing for XSS. This affects the front-end forms with asset fields without any mime type validation, asset fields in the control panel, and asset browser in the control panel...

CVSS 8.2 · AI score 6.4 · EPSS 0.00734
Exploits 1 · References 1
Veracode
added 2024/11/25 5:8 p.m. · 8 views

Directory Traversal

statamic/cms is vulnerable to Directory Traversal. The vulnerability is due to improperly handled filenames in asset uploads, which could allow files to be placed in unintended locations on the server, potentially overriding existing files...

CVSS 5.3 · AI score 6.6 · EPSS 0.00561
Exploits 0 · References 5 · Affected Software 1
OSV
added 2024/11/19 6:3 p.m. · 15 views

GHSA-P7F6-8MCM-FWV3 Statamic CMS has a Path Traversal in Asset Upload

Assets uploaded with appropriately crafted filenames may result in them being placed in a location different than what was configured.
Impact
- Affects front-end forms with assets fields.
- Affects other places where assets can be uploaded, although users would need upload permissions anyway.
-...

CVSS 5.3 · AI score 5.2 · EPSS 0.00561
Exploits 0 · References 6
Github Security Blog
added 2024/11/19 6:3 p.m. · 19 views

Statamic CMS has a Path Traversal in Asset Upload

Assets uploaded with appropriately crafted filenames may result in them being placed in a location different than what was configured.
Impact
- Affects front-end forms with assets fields.
- Affects other places where assets can be uploaded, although users would need upload permissions anyway.
-...

CVSS 5.3 · AI score 6.9 · EPSS 0.00561
Exploits 0 · References 6 · Affected Software 1
Vulnrichment
added 2024/11/19 4:30 p.m. · 14 views

CVE-2024-52600 Statamic CMS has Path Traversal in Asset Upload

Statamic is a Laravel and Git powered content management system (CMS). Prior to version 5.17.0, assets uploaded with appropriately crafted filenames may result in them being placed in a location different than what was configured. The issue affects front-end forms with assets fields and other plac...

CVSS 5.3 · AI score 6.8 · EPSS 0.00561
Exploits 0 · References 4
Cvelist
added 2024/11/19 4:30 p.m. · 15 views

CVE-2024-52600 Statamic CMS has Path Traversal in Asset Upload

Statamic is a Laravel and Git powered content management system (CMS). Prior to version 5.17.0, assets uploaded with appropriately crafted filenames may result in them being placed in a location different than what was configured. The issue affects front-end forms with assets fields and other plac...

CVSS 5.3 · EPSS 0.00561
Exploits 0 · References 4
CNNVD
added 2024/11/19 12:0 a.m. · 1 view

Statamic path traversal vulnerability

Statamic is a powerful flat-file CMS built on Laravel by Statamic, Inc. that stores all content, templates, assets, and settings in files instead of a database. A path traversal vulnerability exists in Statamic versions prior to 5.17.0 that stems from the use of carefully constructed filenames...

CVSS 5.3 · AI score 6.5 · EPSS 0.00561
Exploits 0 · References 4
Veracode
added 2024/06/05 6:44 a.m. · 15 views

Cleartext Password Storage

statamic/cms is vulnerable to Cleartext Password Storage. This vulnerability is due to the insecure handling of password confirmation data, which affects users registered via the user:registerform tag and using file-based user accounts. The vulnerability allows an attacker, who gains access to us...

CVSS 1.8 · AI score 3.8 · EPSS 0.00137
Exploits 0 · References 4 · Affected Software 1
Github Security Blog
added 2024/06/02 10:30 p.m. · 19 views

Password confirmation stored in plain text via registration form in statamic/cms

Users registering via the user:registerform tag will have their password confirmation stored in plain text in their user file.
Impact
This only affects sites matching all of the following conditions:
- Running Statamic versions between 5.3.0 and 5.6.1. This version range represents only one...

CVSS 1.8 · AI score 6.2 · EPSS 0.00137
Exploits 0 · References 6 · Affected Software 1
NVD
added 2024/05/30 9:15 p.m. · 8 views

CVE-2024-36119

Statamic is a Laravel + Git powered CMS designed for building websites. In affected versions users registering via the user:registerform tag will have their password confirmation stored in plain text in their user file. This only affects sites matching all of the following conditions: 1. Running...

CVSS 1.8 · AI score 3.5 · EPSS 0.00137
Exploits 0 · References 4