CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

343 matches found

Exploit DB•added 2023/07/19 12:0 a.m.•180 views

Statamic 4.7.0 - File-Inclusion

Title: Statamic 4.7.0 - File-Inclusion Author: nu11secur1ty Date: 07.13.2023 Vendor: https://statamic.com/ Software: https://demo.statamic.com/ Reference: https://portswigger.net/web-security/file-upload Description: The statamic-4.7.0 suffers from file inclusion - file upload vulnerability. The...

7.4AI score

Exploits0

OSV•added 2023/07/06 8:56 p.m.•14 views

GHSA-6R5G-CQ4Q-327G Statamic's Antlers sanitizer cannot effectively sanitize malicious SVG

Antlers sanitizer cannot effectively sanitize malicious SVG Summary The SVG tag does not sanitize malicious SVG. Therefore, an attacker can exploit this vulnerability to perform XSS attacks using SVG, even when using the sanitize function. Details Regarding the previous discussion mentioned here,...

5.5CVSS5.5AI score0.0055EPSS

Exploits1References8

Github Security Blog•added 2023/07/06 8:56 p.m.•16 views

Statamic's Antlers sanitizer cannot effectively sanitize malicious SVG

5.5CVSS6.6AI score0.0055EPSS

Exploits1References8Affected Software1

Veracode•added 2023/07/06 7:7 a.m.•21 views

Cross-Site Scripting (XSS)

statamic/cms is vulnerable to Cross-Site Scripting XSS. The vulnerability exists in the index function at Svg.php because the SVG tag does not sanitize malicious SVG which allows an attacker to inject and execute arbitrary JavaScript...

5.5CVSS6.5AI score0.0055EPSS

Exploits1References6Affected Software1

NVD•added 2023/07/05 10:15 p.m.•9 views

CVE-2023-36828

Statamic is a flat-first, Laravel and Git powered content management system. Prior to version 4.10.0, the SVG tag does not sanitize malicious SVG. Therefore, an attacker can exploit this vulnerability to perform cross-site scripting attacks using SVG, even when using the sanitize function. Versio...

5.5CVSS5.2AI score0.0055EPSS

Exploits1References6

Prion•added 2023/07/05 10:15 p.m.•12 views

Cross site scripting

4.9CVSS5.2AI score0.0055EPSS

Exploits1References6Affected Software1

Vulnrichment•added 2023/07/05 9:30 p.m.•11 views

CVE-2023-36828 Statamic's Antlers sanitizer cannot effectively sanitize malicious SVG

5.5CVSS5.2AI score0.0055EPSS

Exploits1References6

Cvelist•added 2023/07/05 9:30 p.m.•13 views

CVE-2023-36828 Statamic's Antlers sanitizer cannot effectively sanitize malicious SVG

5.5CVSS5.5AI score0.0055EPSS

Exploits1References6

CVE•added 2023/07/05 9:30 p.m.•35 views

CVE-2023-36828

Statamic CMS is affected by CVE-2023-36828 where the SVG tag fails to sanitize malicious SVG, enabling potential XSS when rendering SVG content via Antlers/SVG output. The root cause is insufficient sanitization in Svg.php (and related sanitizer logic), with a known patch released in version 4.10...

5.5CVSS5.2AI score0.0055EPSS

Exploits1References6Affected Software1

OSV•added 2023/07/05 9:30 p.m.•10 views

CVE-2023-36828 Statamic's Antlers sanitizer cannot effectively sanitize malicious SVG

5.5CVSS5.2AI score0.0055EPSS

Exploits1References8

Circl•added 2023/07/05 4:34 p.m.•1 views

CVE-2023-36828

creationtimestamp| type| source ---|---|--- 2023-07-05 16:34:47+00:00| published-proof-of-concept| https://github.com/statamic/cms/security/advisories/GHSA-6r5g-cq4q-327g...

5.5CVSS6AI score0.0055EPSS

Exploits1References1

CNNVD•added 2023/07/05 12:0 a.m.•2 views

Statamic 跨站脚本漏洞

Statamic is a powerful flat file Cms built on Laravel by Statamic, Inc. for storing all content, templates, assets, and settings in files instead of a database. A cross-site scripting vulnerability exists in Statamic versions prior to 4.10.0, which stems from an SVG tag that does not clear...

5.5CVSS5.4AI score0.0055EPSS

Exploits1References8

SUSE CVE•added 2023/02/15 4:42 a.m.•4 views

SUSE CVE-2017-11422

Statamic framework before 2.6.0 does not correctly check a session's permissions when the methods from a user's class are called. Problematic methods include reset password, create new account, create new role, etc...

8.8CVSS7AI score0.00867EPSS

Exploits0References3

Github Security Blog•added 2022/05/13 1:12 a.m.•21 views

Statamic framework Incorrect Permission Assignment

8.8CVSS6.8AI score0.00867EPSS

Exploits0References2Affected Software1

OSV•added 2022/05/13 1:12 a.m.•8 views

GHSA-5M64-9HQ5-5PF2 Statamic framework Incorrect Permission Assignment

8.8CVSS8.7AI score0.00867EPSS

Exploits0References1

Veracode•added 2022/03/28 7:20 a.m.•26 views

Information Disclosure

statamic/cms is vulnerable to information disclosure. The vulnerability exists because it allows to filer a user by password hash which allows an attacker to gain access to sensitive information using a specially crafted regular expression filter in the users endpoint of REST API...

3.7CVSS4.6AI score0.00994EPSS

Exploits0References6Affected Software1

NVD•added 2022/03/25 10:15 p.m.•11 views

CVE-2022-24784

Statamic is a Laravel and Git powered CMS. Before versions 3.2.39 and 3.3.2, it is possible to confirm a single character of a user's password hash using a specially crafted regular expression filter in the users endpoint of the REST API. Multiple such requests can eventually uncover the entire...

4.3CVSS0.00994EPSS

Exploits0References3

Prion•added 2022/03/25 10:15 p.m.•17 views

Design/Logic Flaw

4.3CVSS4.2AI score0.00994EPSS

Exploits0References3Affected Software1

Cvelist•added 2022/03/25 9:40 p.m.•15 views

CVE-2022-24784 Discoverability of user password hash in Statamic CMS

3.7CVSS4.6AI score0.00994EPSS

Exploits0References3

CVE•added 2022/03/25 9:40 p.m.•90 views

CVE-2022-24784

CVE-2022-24784 affects the Statamic CMS (Laravel/Git powered). Before versions 3.2.39 and 3.3.2, an attacker could confirm a single character of a user’s password hash by sending crafted requests to the REST API’s users endpoint using a regular expression filter. Repeated requests could gradually...

4.3CVSS4AI score0.00994EPSS

Exploits0References3Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by