99 matches found

EUVD
added 2025/10/03 8:7 p.m. | 30 views

EUVD-2023-2924

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.6 | EPSS 0.007
Exploits: 0 | References: 5

RedhatCVE
added 2025/05/23 4:22 a.m. | 21 views

CVE-2023-48701

Statamic CMS is a Laravel and Git powered content management system (CMS). Prior to versions 3.4.15 and 4.36.0, HTML files crafted to look like images may be uploaded regardless of mime validation. This is only applicable on front-end forms using the "Forms" feature containing an assets field, or...

CVSS 7.5 | AI score 6.6 | EPSS 0.007
Exploits: 0

RedhatCVE
added 2025/02/05 2:20 a.m. | 6 views

CVE-2024-24570

Statamic is a Laravel and Git powered CMS. HTML files crafted to look like jpg files are able to be uploaded, allowing for XSS. This affects the front-end forms with asset fields without any mime type validation, asset fields in the control panel, and asset browser in the control panel...

CVSS 8.2 | AI score 6.4 | EPSS 0.00734
Exploits: 1 | References: 1

Veracode
added 2024/11/25 5:8 p.m. | 10 views

Directory Traversal

statamic/cms is vulnerable to Directory Traversal. The vulnerability is due to improperly handled filenames in asset uploads, which could allow files to be placed in unintended locations on the server, potentially overriding existing files...

CVSS 5.3 | AI score 6.6 | EPSS 0.00561
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2024/11/19 6:3 p.m. | 16 views

GHSA-P7F6-8MCM-FWV3 Statamic CMS has a Path Traversal in Asset Upload

Assets uploaded with appropriately crafted filenames may result in them being placed in a location different than what was configured. Impact - Affects front-end forms with assets fields. - Affects other places where assets can be uploaded, although users would need upload permissions anyway. -...

CVSS 5.3 | AI score 5.2 | EPSS 0.00561
Exploits: 0 | References: 6

Github Security Blog
added 2024/11/19 6:3 p.m. | 22 views

Statamic CMS has a Path Traversal in Asset Upload

Assets uploaded with appropriately crafted filenames may result in them being placed in a location different than what was configured. Impact - Affects front-end forms with assets fields. - Affects other places where assets can be uploaded, although users would need upload permissions anyway. -...

CVSS 5.3 | AI score 6.9 | EPSS 0.00561
Exploits: 0 | References: 6 | Affected Software: 1

Cvelist
added 2024/11/19 4:30 p.m. | 20 views

CVE-2024-52600 Statamic CMS has Path Traversal in Asset Upload

Statamic is a Laravel and Git powered content management system (CMS). Prior to version 5.17.0, assets uploaded with appropriately crafted filenames may result in them being placed in a location different than what was configured. The issue affects front-end forms with assets fields and other plac...

CVSS 5.3 | EPSS 0.00561
Exploits: 0 | References: 4

Vulnrichment
added 2024/11/19 4:30 p.m. | 14 views

CVE-2024-52600 Statamic CMS has Path Traversal in Asset Upload

Statamic is a Laravel and Git powered content management system (CMS). Prior to version 5.17.0, assets uploaded with appropriately crafted filenames may result in them being placed in a location different than what was configured. The issue affects front-end forms with assets fields and other plac...

CVSS 5.3 | AI score 6.8 | EPSS 0.00561
Exploits: 0 | References: 4

Veracode
added 2024/06/05 6:44 a.m. | 17 views

Cleartext Password Storage

statamic/cms is vulnerable to Cleartext Password Storage. This vulnerability is due to the insecure handling of password confirmation data, which affects users registered via the user:registerform tag and using file-based user accounts. The vulnerability allows an attacker, who gains access to us...

CVSS 1.8 | AI score 3.8 | EPSS 0.00137
Exploits: 0 | References: 4 | Affected Software: 1

NVD
added 2024/05/30 9:15 p.m. | 13 views

CVE-2024-36119

Statamic is a Laravel + Git powered CMS designed for building websites. In affected versions, users registering via the user:registerform tag will have their password confirmation stored in plain text in their user file. This only affects sites matching all of the following conditions: 1. Running...

CVSS 1.8 | AI score 3.5 | EPSS 0.00137
Exploits: 0 | References: 4

Cvelist
added 2024/05/30 8:57 p.m. | 21 views

CVE-2024-36119 Password confirmation stored in plain text via registration form in statamic/cms

Statamic is a Laravel + Git powered CMS designed for building websites. In affected versions, users registering via the user:registerform tag will have their password confirmation stored in plain text in their user file. This only affects sites matching all of the following conditions: 1. Running...

CVSS 1.8 | AI score 3.4 | EPSS 0.00137
Exploits: 0 | References: 4

Vulnrichment
added 2024/05/30 8:57 p.m. | 15 views

CVE-2024-36119 Password confirmation stored in plain text via registration form in statamic/cms

Statamic is a Laravel + Git powered CMS designed for building websites. In affected versions, users registering via the user:registerform tag will have their password confirmation stored in plain text in their user file. This only affects sites matching all of the following conditions: 1. Running...

CVSS 1.8 | AI score 3.6 | EPSS 0.00137
Exploits: 0 | References: 4

Packet Storm
added 2024/02/14 12:0 a.m. | 536 views

Statamic CMS Cross Site Scripting

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Stored Cross-Site Scripting vulnerabilities product: Statamic CMS vulnerable version: =4.46.0, =3.4.17 CVE number: CVE-2024-24570 impact: high homepage:...

CVSS 8.2 | AI score 7.4 | EPSS 0.00734
Exploits: 1

Veracode
added 2024/02/02 8:1 a.m. | 15 views

Cross-site Scripting

statamic/cms is vulnerable to Cross-site Scripting. The vulnerability exists because the contents of uploaded files are not sanitized or validated. This allows attackers to upload HTML files disguised as JPG files, enabling the execution of malicious scripts...

CVSS 8.2 | AI score 6.7 | EPSS 0.00734
Exploits: 1 | References: 4 | Affected Software: 1

Prion
added 2024/02/01 5:15 p.m. | 18 views

Cross site scripting

Statamic is a Laravel and Git powered CMS. HTML files crafted to look like jpg files are able to be uploaded, allowing for XSS. This affects the front-end forms with asset fields without any mime type validation, asset fields in the control panel, and asset browser in the control panel...

CVSS 5.8 | AI score 6.7 | EPSS 0.00734
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2024/02/01 4:42 p.m. | 7 views

CVE-2024-24570 Statamic account takeover via XSS and password reset link

Statamic is a Laravel and Git powered CMS. HTML files crafted to look like jpg files are able to be uploaded, allowing for XSS. This affects the front-end forms with asset fields without any mime type validation, asset fields in the control panel, and asset browser in the control panel...

CVSS 8.2 | AI score 6.8 | EPSS 0.00734
Exploits: 1 | References: 5

Veracode
added 2023/11/22 7:29 a.m. | 19 views

Cross Site Scripting (XSS)

Statamic CMS is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper MIME validation when uploading files. This could allow an attacker to inject JavaScript via the image file upload feature...

CVSS 7.5 | AI score 7 | EPSS 0.007
Exploits: 0 | References: 5 | Affected Software: 1

NVD
added 2023/11/21 11:15 p.m. | 50 views

CVE-2023-48701

Statamic CMS is a Laravel and Git powered content management system (CMS). Prior to versions 3.4.15 and 4.36.0, HTML files crafted to look like images may be uploaded regardless of mime validation. This is only applicable on front-end forms using the "Forms" feature containing an assets field, or...

CVSS 7.5 | EPSS 0.007
Exploits: 0 | References: 3

Prion
added 2023/11/21 11:15 p.m. | 16 views

Authentication flaw

Statamic CMS is a Laravel and Git powered content management system (CMS). Prior to versions 3.4.15 and 4.36.0, HTML files crafted to look like images may be uploaded regardless of mime validation. This is only applicable on front-end forms using the "Forms" feature containing an assets field, or...

CVSS 5.8 | AI score 6.9 | EPSS 0.007
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2023/11/21 10:34 p.m. | 45 views

CVE-2023-48701 Statamic CMS vulnerable to Cross-site Scripting via uploaded assets

Statamic CMS is a Laravel and Git powered content management system (CMS). Prior to versions 3.4.15 and 4.36.0, HTML files crafted to look like images may be uploaded regardless of mime validation. This is only applicable on front-end forms using the "Forms" feature containing an assets field, or...

CVSS 7.5 | AI score 7.6 | EPSS 0.007
Exploits: 0 | References: 3