6 matches found
CVE-2026-28426
Statmatic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.11 and 6.4.0, stored XSS vulnerability in svg and icon related components allow authenticated users with appropriate permissions to inject malicious JavaScript that executes when viewed by higher-privileg...
CVE-2026-28425 Statamic vulnerable to remote code execution via Antlers-enabled control panel inputs
Statmatic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.16 and 6.7.2, an authenticated control panel user with access to Antlers-enabled inputs may be able to achieve remote code execution in the application context. That can lead to full compromise of the...
CVE-2026-28425 Statamic vulnerable to remote code execution via Antlers-enabled control panel inputs
Statmatic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.16 and 6.7.2, an authenticated control panel user with access to Antlers-enabled inputs may be able to achieve remote code execution in the application context. That can lead to full compromise of the...
CVE-2026-28424
Statmatic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.11 and 6.4.0, user email addresses were included in responses from the user fieldtype’s data endpoint for control panel users who did not have the "view users" permission. This has been fixed in 5.73.11 a...
PT-2026-22423
Name of the Vulnerable Software and Affected Versions Statmatic versions prior to 5.73.11 Statmatic versions prior to 6.4.0 Description Statmatic is a Laravel and Git powered content management system CMS. Before versions 5.73.11 and 6.4.0, user email addresses were included in responses from the...
PT-2026-22422
Name of the Vulnerable Software and Affected Versions Statmatic versions prior to 5.73.11 Statmatic versions prior to 6.4.0 Description Statmatic is a content management system. When Glide image manipulation is used in insecure mode, an unauthenticated user can exploit the image proxy to make the...