CVE-2024-36119 Password confirmation stored in plain text via registration form in statamic/cms
Statamic is a Laravel + Git powered CMS designed for building websites. In affected versions, users registering via the user:register_form tag will have their password confirmation stored in plain text in their user file. This only affects sites matching all of the following conditions: 1. Running...
CVE-2024-36119
CVE-2024-36119 affects Statamic CMS (versions 5.3.0–5.6.1) where password_confirmation data is stored in plain text in user YAML files for users registered during the affected window when using the user:register_form tag with file-based accounts. The issue’s root cause is insecure handling of pas...
Statamic CMS Security Vulnerability
Statamic is a powerful flat-file CMS built on Laravel by Statamic USA, used to store all content, templates, assets and settings in files instead of a database. A security vulnerability exists in Statamic CMS versions 5.3.0 through 5.6.1, which stems from a user's password confirmation informati...
Statamic CMS Cross Site Scripting
SEC Consult Vulnerability Lab Security Advisory. title: Multiple Stored Cross-Site Scripting vulnerabilities; product: Statamic CMS; vulnerable version: <4.46.0, <3.4.17; CVE number: CVE-2024-24570; impact: high; homepage:...
Cross-site Scripting
statamic/cms is vulnerable to Cross-site Scripting. The vulnerability exists because the contents of uploaded files are neither sanitized nor validated. This allows attackers to upload HTML files disguised as JPG files, enabling the execution of malicious scripts...
CVE-2024-24570
Statamic is a Laravel and Git powered CMS. HTML files crafted to look like jpg files are able to be uploaded, allowing for XSS. This affects the front-end forms with asset fields without any mime type validation, asset fields in the control panel, and asset browser in the control panel...
Cross site scripting
Statamic is a Laravel and Git powered CMS. HTML files crafted to look like jpg files are able to be uploaded, allowing for XSS. This affects the front-end forms with asset fields without any mime type validation, asset fields in the control panel, and asset browser in the control panel...
CVE-2024-24570 Statamic account takeover via XSS and password reset link
Statamic is a Laravel and Git powered CMS. HTML files crafted to look like jpg files are able to be uploaded, allowing for XSS. This affects the front-end forms with asset fields without any mime type validation, asset fields in the control panel, and asset browser in the control panel...
CVE-2024-24570
Statamic CMS is affected by a cross-site scripting vulnerability (CVE-2024-24570) where HTML files disguised as JPEGs could be uploaded via front-end asset fields, control-panel asset fields, and the asset browser. The root cause is improper mime-type validation, enabling XSS execution by authent...
Statamic Cross-Site Scripting Vulnerability
Statamic is a powerful flat-file CMS built on Laravel by Statamic, Inc. for storing all content, templates, assets, and settings in files instead of a database. A cross-site scripting vulnerability exists in Statamic that stems from an attacker being able to craft and upload HTML files that look...
PT-2024-20460 · Statamic · Statamic
Name of the Vulnerable Software and Affected Versions: Statamic versions prior to 3.4.17; Statamic versions prior to 4.46.0. Description: The issue allows HTML files crafted to look like jpg files to be uploaded, enabling cross-site scripting (XSS) attacks. This affects front-end forms with asset...
Cross Site Scripting (XSS)
Statamic CMS is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper MIME validation when uploading files. This could allow an attacker to inject JavaScript via the image upload feature...
CVE-2023-48701
Statamic CMS is a Laravel and Git powered content management system (CMS). Prior to versions 3.4.15 and 4.36.0, HTML files crafted to look like images may be uploaded regardless of mime validation. This is only applicable on front-end forms using the "Forms" feature containing an assets field, or...
Authentication flaw
Statamic CMS is a Laravel and Git powered content management system (CMS). Prior to versions 3.4.15 and 4.36.0, HTML files crafted to look like images may be uploaded regardless of mime validation. This is only applicable on front-end forms using the "Forms" feature containing an assets field, or...
CVE-2023-48701
Statamic CMS (Laravel/Git) suffers a Cross-site Scripting (XSS) via uploaded assets vulnerability (CVE-2023-48701). Before versions 3.4.15 and 4.36.0, HTML files crafted to look like images could be uploaded regardless of MIME validation via front-end Forms assets fields or the authenticated cont...
CVE-2023-48701 Statamic CMS vulnerable to Cross-site Scripting via uploaded assets
Statamic CMS is a Laravel and Git powered content management system (CMS). Prior to versions 3.4.15 and 4.36.0, HTML files crafted to look like images may be uploaded regardless of mime validation. This is only applicable on front-end forms using the "Forms" feature containing an assets field, or...