3 matches found
CVE-2024-47186
Filament (Laravel components) contains an XSS vulnerability in ColorColumn and ColorEntry due to unvalidated values that may include a specific set of characters. Affected versions are Filament v3.0.0 through v3.2.114; v3.2.115 contains the fix. Remediation is to upgrade to Filament v3.2.115 or h...
CVE-2026-33080
Filament (Laravel) has a stored XSS risk in the Table summarizers Range and Values. Affected versions: 4.0.0–4.8.4 and 5.0.0–5.3.4 render raw database values without escaping HTML, enabling malicious HTML/JavaScript in unvalidated data shown by those summarizers. Remediation: upgrade to 4.8.5 or ...
CVE-2025-67507
CVE-2025-67507 affects Filament versions 4.0.0 through 4.3.0. The vulnerability arises in the handling of app-based multi-factor authentication recovery codes, allowing the same recovery code to be reused indefinitely when recovery codes are enabled (email-based MFA is unaffected). Root cause: im...