3 matches found
CVE-2023-48701
Statamic CMS is a Laravel and Git powered content management system CMS. Prior to versions 3.4.15 an 4.36.0, HTML files crafted to look like images may be uploaded regardless of mime validation. This is only applicable on front-end forms using the "Forms" feature containing an assets field, or...
CVE-2023-48701
Statamic CMS (Laravel/Git) suffers a Cross-site Scripting (XSS) via uploaded assets vulnerability (CVE-2023-48701). Before versions 3.4.15 and 4.36.0, HTML files crafted to look like images could be uploaded regardless of MIME validation via front-end Forms assets fields or the authenticated cont...
CVE-2023-48701 Statamic CMS vulnerable to Cross-site Scripting via uploaded assets
Statamic CMS is a Laravel and Git powered content management system CMS. Prior to versions 3.4.15 an 4.36.0, HTML files crafted to look like images may be uploaded regardless of mime validation. This is only applicable on front-end forms using the "Forms" feature containing an assets field, or...