CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

93 matches found

ATTACKERKB•added 2026/02/21 4:30 a.m.•4 views

CVE-2026-27196

Statmatic is a Laravel and Git powered content management system CMS. Versions 5.73.8 and below in addition to 6.0.0-alpha.1 through 6.3.1 have a Stored XSS vulnerability in html fieldtypes which allows authenticated users with field management permissions to inject malicious JavaScript that...

8.1CVSS5.5AI score0.0028EPSS

Exploits0References4Affected Software1

Vulnrichment•added 2026/02/21 4:30 a.m.•1 views

CVE-2026-27196 Statamic affected by privilege escalation via stored Cross-site Scripting

8.1CVSS5.4AI score0.0028EPSS

Exploits0References3

CNNVD•added 2026/02/21 12:0 a.m.•5 views

Statamic 跨站脚本漏洞

Statamic is a powerful flat-file CMS built using Laravel by Statamic Inc. It allows all content, templates, assets, and settings to be stored in files rather than in a database. Versions of Statamic 5.73.8 and earlier, as well as versions 6.0.0-alpha.1 through 6.3.1, had a cross-site scripting...

8.1CVSS5.6AI score0.0028EPSS

Exploits0References3

CVE•added 2026/02/11 8:37 p.m.•12 views

CVE-2026-25759

CVE-2026-25759 affects Statamic CMS (Laravel/Git-based). From version 6.0.0 up to, but not including, 6.2.3, there is a stored XSS in content titles. An authenticated user with content-creation permissions (and control-panel access) can inject JavaScript that executes for higher-privileged users,...

8.7CVSS5.4AI score0.00293EPSS

Exploits0References3Affected Software1

Cvelist•added 2026/02/11 8:33 p.m.•21 views

CVE-2026-25633 Statamic's missing authorization allows access to assets

Statamic is a, Laravel + Git powered CMS designed for building websites. Prior to 5.73.6 and 6.2.5, users without permission to view assets are able are able to download them and view their metadata. Logged-out users and users without permission to access the control panel are unable to take...

4.3CVSS0.00285EPSS

Exploits0References4

Github Security Blog•added 2026/02/11 6:17 p.m.•5 views

Statamic CMS vulnerable to privilege escalation via stored cross-site scripting

Impact Stored XSS vulnerability in content titles allow authenticated users with content creation permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. Malicious user must have an account with control panel access and content creation permissions. This...

8.7CVSS5.4AI score0.00293EPSS

Exploits0References5Affected Software1

Github Security Blog•added 2026/02/11 4:53 p.m.•3 views

Statamic CMS's missing authorization allows access to assets

Impact Users without permission to view assets are able are able to download them and view their metadata. Logged-out users and users without permission to access the control panel are unable to take advantage of this. Patches This has been fixed in 5.73.6 and 6.2.5...

4.3CVSS5.4AI score0.00285EPSS

Exploits0References7Affected Software1

OSV•added 2026/02/11 4:53 p.m.•6 views

GHSA-GWMX-9GCJ-332H Statamic CMS's missing authorization allows access to assets

4.3CVSS5.4AI score0.00285EPSS

Exploits0References7

Positive Technologies•added 2025/10/30 12:0 a.m.•3 views

PT-2025-44441

Name of the Vulnerable Software and Affected Versions Statmatic versions prior to 5.22.1 Description Statmatic is a Laravel and Git powered content management system CMS. Stored cross-site scripting XSS issues exist in Collections and Taxonomies. Authenticated users with content creation...

8CVSS5.6AI score0.00243EPSS

Exploits0References8

NVD•added 2025/10/10 2:15 p.m.•4 views

CVE-2025-60868

The Alt Redirect 1.6.3 addon for Statamic fails to consistently strip query string parameters when the "Query String Strip" feature is enabled. Case variations, encoded keys, and duplicates are not removed, allowing attackers to bypass sanitization. This may lead to cache poisoning, parameter...

6.5CVSS0.00209EPSS

Exploits0References2