4 matches found
CVE-2026-33885
Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.16 and 6.7.2, the external URL detection used for redirect validation on unauthenticated endpoints could be bypassed, allowing users to be redirected to external URLs after actions like form submissions an...
CVE-2026-33885 Statamic has an Open Redirect on unauthenticated endpoints via URL parsing differential
Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.16 and 6.7.2, the external URL detection used for redirect validation on unauthenticated endpoints could be bypassed, allowing users to be redirected to external URLs after actions like form submissions an...
CVE-2026-33883
Overview: CVE-2026-33883 affects Statamic CMS (Laravel/Git-powered). Prior to versions 5.73.16 and 6.7.2, the tag user:reset_password_form could render user input directly into HTML without escaping, enabling a reflected XSS via a crafted URL that executes arbitrary JavaScript in a victim’s brows...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the live preview. An attacker can gain unauthorized access to restricted content by using a valid live preview token intended for a different entry. Remediation Upgrade statamic/cms to version 5.73.16, 6.7.2 ...