Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Range or Values summarizer, which renders raw database values without escaping HTML. An attacker can execute arbitrary HTML or JavaScript in the context of affected users by injecting malicious content...

CVE-2026-33080 Filament: Unvalidated Range and Values summarizer values can be used for XSS

Filament is a collection of full-stack components for accelerated Laravel development. Versions 4.0.0 through 4.8.4 and 5.0.0 through 5.3.4 have two Filament Table summarizers Range, Values that render raw database values without escaping HTML. If there is a lack of validation for the data in the...

CVE-2026-33080

Filament (Laravel) has a stored XSS risk in the Table summarizers Range and Values. Affected versions: 4.0.0–4.8.4 and 5.0.0–5.3.4 render raw database values without escaping HTML, enabling malicious HTML/JavaScript in unvalidated data shown by those summarizers. Remediation: upgrade to 4.8.5 or ...

GHSA-VV3X-J2X5-36JC Filament Unvalidated Range and Values summarizer values can be used for XSS

Two Table summarizers Range, Values render raw database values without escaping HTML. If there is a lack of validation for the data in the columns that use these summarizers, an attacker could plant malicious HTML / JavaScript and achieve stored XSS that executes for users who view the table with...