11 matches found
CVE-2026-33887
Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and 6.7.2, authenticated Control Panel users could view entry revisions for any collection with revisions enabled, regardless of whether they had the required collection permissions. This bypasses the...
CVE-2026-33887
Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and 6.7.2, authenticated Control Panel users could view entry revisions for any collection with revisions enabled, regardless of whether they had the required collection permissions. This bypasses the...
CVE-2026-33887 Statamic allows unauthorized content access through missing authorization in its revision controllers
Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and 6.7.2, authenticated Control Panel users could view entry revisions for any collection with revisions enabled, regardless of whether they had the required collection permissions. This bypasses the...
CVE-2026-33887 Statamic allows unauthorized content access through missing authorization in its revision controllers
Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and 6.7.2, authenticated Control Panel users could view entry revisions for any collection with revisions enabled, regardless of whether they had the required collection permissions. This bypasses the...
CVE-2026-33887
Statamic CMS (Laravel/Git) contains a vulnerability in revision controllers: before versions 5.73.16 and 6.7.2, authenticated Control Panel users could view entry revisions for any collection with revisions enabled, bypassing collection permissions and exposing entry field values and blueprint da...
CVE-2026-33887 Statamic allows unauthorized content access through missing authorization in its revision controllers
Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and 6.7.2, authenticated Control Panel users could view entry revisions for any collection with revisions enabled, regardless of whether they had the required collection permissions. This bypasses the...
Statamic allows unauthorized content access through missing authorization in its revision controllers
Impact: Authenticated Control Panel users could view entry revisions for any collection with revisions enabled, regardless of whether they had the required collection permissions. This bypasses the authorization checks that the main entry controllers enforce, exposing entry field values and...
GHSA-4HP7-3WXG-CV9Q Statamic allows unauthorized content access through missing authorization in its revision controllers
Impact: Authenticated Control Panel users could view entry revisions for any collection with revisions enabled, regardless of whether they had the required collection permissions. This bypasses the authorization checks that the main entry controllers enforce, exposing entry field values and...
PT-2026-28554
Name of the Vulnerable Software and Affected Versions: Statamic versions prior to 5.73.16; Statamic versions prior to 6.7.2. Description: Statamic is a Laravel and Git powered content management system (CMS). Authenticated Control Panel users could view entry revisions for any collection with revisions...
GHSA-MW37-WX8P-GP45 Craft CMS vulnerable to Cross-site Scripting via entry revisions and drafts
Craft CMS 3.70-RC1–3.7.55.1 and 4.0.0-RC1–4.2.0.1 are vulnerable to Cross Site Scripting (XSS) via entry revisions and drafts. Versions 3.7.55.2 and 4.2.1 contain patches for this issue...
Craft CMS vulnerable to Cross-site Scripting via entry revisions and drafts
Craft CMS 3.70-RC1–3.7.55.1 and 4.0.0-RC1–4.2.0.1 are vulnerable to Cross Site Scripting (XSS) via entry revisions and drafts. Versions 3.7.55.2 and 4.2.1 contain patches for this issue...