Lucene search
+L

40 matches found

Prion
Prion
added 2023/11/21 11:15 p.m.19 views

Authentication flaw

Statamic CMS is a Laravel and Git powered content management system CMS. Prior to versions 3.4.15 an 4.36.0, HTML files crafted to look like images may be uploaded regardless of mime validation. This is only applicable on front-end forms using the "Forms" feature containing an assets field, or...

5.8CVSS6.9AI score0.007EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/11/21 10:34 p.m.50 views

CVE-2023-48701 Statamic CMS vulnerable to Cross-site Scripting via uploaded assets

Statamic CMS is a Laravel and Git powered content management system CMS. Prior to versions 3.4.15 an 4.36.0, HTML files crafted to look like images may be uploaded regardless of mime validation. This is only applicable on front-end forms using the "Forms" feature containing an assets field, or...

7.5CVSS7.6AI score0.007EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2023/11/14 10:25 p.m.48 views

Statamic CMS vulnerable to remote code execution via form uploads

Impact Similar to another advisory, certain additional PHP files crafted to look like images may be uploaded regardless of mime type validation rules. This affects front-end forms using the "Forms" feature, and asset upload fields in the control panel. Patches It has been patched in 3.4.14 and...

8.8CVSS6.9AI score0.01104EPSS
Exploits0References9Affected Software1
NVD
NVD
added 2023/11/14 10:15 p.m.34 views

CVE-2023-48217

Statamic is a flat-first, Laravel + Git powered CMS designed for building websites. In affected versions certain additional PHP files crafted to look like images may be uploaded regardless of mime type validation rules. This affects front-end forms using the "Forms" feature, and asset upload fiel...

8.8CVSS0.01104EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/11/14 9:38 p.m.12 views

CVE-2023-48217 Remote code execution via form uploads in statamic/cms

Statamic is a flat-first, Laravel + Git powered CMS designed for building websites. In affected versions certain additional PHP files crafted to look like images may be uploaded regardless of mime type validation rules. This affects front-end forms using the "Forms" feature, and asset upload fiel...

8.8CVSS6.9AI score0.01104EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/11/14 9:38 p.m.34 views

CVE-2023-48217 Remote code execution via form uploads in statamic/cms

Statamic is a flat-first, Laravel + Git powered CMS designed for building websites. In affected versions certain additional PHP files crafted to look like images may be uploaded regardless of mime type validation rules. This affects front-end forms using the "Forms" feature, and asset upload fiel...

8.8CVSS9AI score0.01104EPSS
Exploits0References2
OSV
OSV
added 2023/11/12 3:57 p.m.96 views

GHSA-72HG-5WR5-RMFC Statamic CMS remote code execution via front-end form uploads

Impact On front-end forms with an asset upload field, PHP files crafted to look like images may be uploaded regardless of mime validation rules. This only affects forms using the "Forms" feature and not just any arbitrary form. This does not affect the control panel. Patches It has been patched i...

8.3CVSS9.2AI score0.01121EPSS
Exploits0References5
NVD
NVD
added 2023/11/10 7:15 p.m.39 views

CVE-2023-47129

Statmic is a core Laravel content management system Composer package. Prior to versions 3.4.13 and 4.33.0, on front-end forms with an asset upload field, PHP files crafted to look like images may be uploaded. This only affects forms using the "Forms" feature and not just any arbitrary form. This...

9.8CVSS0.01121EPSS
Exploits0References3
OSV
OSV
added 2021/07/02 6:36 p.m.25 views

GHSA-3JXH-789F-P7M6 Craft CMS Cross-site Scripting Vulnerability

An issue was discovered in Craft CMS before 3.6.0. In some circumstances, a potential XSS vulnerability existed in connection with front-end forms that accepted user uploads...

6.1CVSS5.9AI score0.00987EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2021/07/02 6:36 p.m.81 views

Craft CMS Cross-site Scripting Vulnerability

An issue was discovered in Craft CMS before 3.6.0. In some circumstances, a potential XSS vulnerability existed in connection with front-end forms that accepted user uploads...

6.1CVSS5.8AI score0.00987EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2021/06/30 12:15 p.m.16 views

CVE-2021-27902

An issue was discovered in Craft CMS before 3.6.0. In some circumstances, a potential XSS vulnerability existed in connection with front-end forms that accepted user uploads...

6.1CVSS0.00987EPSS
Exploits0References3
OSV
OSV
added 2021/06/30 12:15 p.m.18 views

CVE-2021-27902

An issue was discovered in Craft CMS before 3.6.0. In some circumstances, a potential XSS vulnerability existed in connection with front-end forms that accepted user uploads...

6.1CVSS6AI score
Exploits0References3
Prion
Prion
added 2021/06/30 12:15 p.m.21 views

Cross site scripting

An issue was discovered in Craft CMS before 3.6.0. In some circumstances, a potential XSS vulnerability existed in connection with front-end forms that accepted user uploads...

4.3CVSS5.8AI score0.00987EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2021/06/30 11:56 a.m.69 views

CVE-2021-27902

CVE-2021-27902 affects Craft CMS prior to 3.6.0. The connected documents describe a cross-site scripting (XSS) vulnerability in a front-end form that accepts user uploads. The root cause details and exploitation specifics are not provided in the documents. Scope is limited toCraft CMS versions be...

6.1CVSS5.9AI score0.00987EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2020/10/07 9:15 p.m.51 views

CVE-2020-25768

Contao before 4.4.52, 4.9.x before 4.9.6, and 4.10.x before 4.10.1 have Improper Input Validation. It is possible to inject insert tags in front end forms which will be replaced when the page is rendered...

5.3CVSS0.00819EPSS
Exploits0References2
OSV
OSV
added 2020/10/07 9:15 p.m.14 views

CVE-2020-25768

Contao before 4.4.52, 4.9.x before 4.9.6, and 4.10.x before 4.10.1 have Improper Input Validation. It is possible to inject insert tags in front end forms which will be replaced when the page is rendered...

5.3CVSS6.7AI score
Exploits0References2
CVE
CVE
added 2020/10/07 8:37 p.m.80 views

CVE-2020-25768

CVE-2020-25768 (Contao) involves improper input validation that allows insertion of insert tags in front-end forms, which are later rendered as part of the page. Affected products/versions include Contao prior to 4.4.52, 4.9.x before 4.9.6, and 4.10.x before 4.10.1. The underlying issue is inject...

5.3CVSS5AI score0.00819EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2020/09/24 4:23 p.m.49 views

Contao Insert tag injection in forms

Impact It is possible to inject insert tags in front end forms which will be replaced when the page is rendered. Patches Update to Contao 4.4.52, 4.9.6 or 4.10.1. Workarounds Disable the front end login form and do not use form fields with array keys such as fieldname. References...

5.3CVSS5.1AI score0.00819EPSS
Exploits0References7Affected Software2
Contao
Contao
added 2020/09/24 12:0 a.m.70 views

Insert tag injection in forms

Date : 2020-09-24 CVE ID : CVE-2020-25768 Description It is possible to inject insert tags in front end forms which will be replaced when the page is rendered. Affected versions Contao 4.0 Contao 4.1 Contao 4.2 Contao 4.3 Contao 4.4 up to 4.4.51 Contao 4.5 Contao 4.6 Contao 4.7 Contao 4.8 Contao...

5.3CVSS5AI score0.00819EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.45 views

Insert tag injection in front end forms

More info at https://contao.org/en/security-advisories/insert-tag-injection-in-forms.html...

5.3CVSS7.2AI score0.00819EPSS
Exploits0Affected Software1
Rows per page
Query Builder