CVE-2020-9322
The /users endpoint in Statamic Core before 2.11.8 allows XSS to add an administrator user. This can be exploited via CSRF. Stored XSS can occur via a JavaScript payload in a username during account registration. Reflected XSS can occur via the /users PATHINFO...
Statamic Core security vulnerability
Statamic Core is a core component of a content management system from US-based Statamic. A security vulnerability exists in versions of Statamic Core prior to 2.11.8 that stems from the /users endpoint not properly validating input, which could lead to a cross-site scripting attack...
CVE-2020-9322
Statamic Core prior to 2.11.8 exposes a cross-site scripting (XSS) vulnerability via the /users endpoint. This can be exploited through CSRF to create an administrator user. Stored XSS is possible when a JavaScript payload is placed in the username during account registration, and reflected XSS c...
PT-2025-32359 · Unknown · Statamic Core
Name of the Vulnerable Software and Affected Versions: Statamic Core versions prior to 2.11.8
Description: The /users endpoint is susceptible to cross-site scripting (XSS), potentially allowing an attacker to add an administrator user. Exploitation can occur through Cross-Site Request Forgery (CSRF)...