8 matches found

CVE, added 2022/03/25 10:15 p.m., 78 views

CVE-2022-24784

Statamic is a Laravel and Git powered CMS. Before versions 3.2.39 and 3.3.2, it is possible to confirm a single character of a user's password hash using a specially crafted regular expression filter in the users endpoint of the REST API. Multiple such requests can eventually uncover the entire has...

CVSS 4.3, AI score 4, EPSS 0.00254

CVE, added 2023/11/10 7:15 p.m., 63 views

CVE-2023-47129

Statamic is a core Laravel content management system Composer package. Prior to versions 3.4.13 and 4.33.0, on front-end forms with an asset upload field, PHP files crafted to look like images may be uploaded. This only affects forms using the "Forms" feature and not just any arbitrary form. This do...

CVSS 9.8, AI score 9.1, EPSS 0.03765

CVE, added 2023/11/14 10:15 p.m., 62 views

CVE-2023-48217

Statamic is a flat-first, Laravel + Git powered CMS designed for building websites. In affected versions certain additional PHP files crafted to look like images may be uploaded regardless of mime type validation rules. This affects front-end forms using the "Forms" feature, and asset upload fields...

CVSS 8.8, AI score 8.7, EPSS 0.01048

CVE, added 2024/05/30 9:15 p.m., 45 views

CVE-2024-36119

Statamic is a Laravel + Git powered CMS designed for building websites. In affected versions users registering via the user:register_form tag will have their password confirmation stored in plain text in their user file. This only affects sites matching all of the following conditions: 1. Running ...

CVSS 1.8, AI score 3.4, EPSS 0.00015

CVE, added 2023/11/21 11:15 p.m., 44 views

CVE-2023-48701

Statamic CMS is a Laravel and Git powered content management system (CMS). Prior to versions 3.4.15 and 4.36.0, HTML files crafted to look like images may be uploaded regardless of mime validation. This is only applicable on front-end forms using the "Forms" feature containing an assets field, or wi...

CVSS 7.5, AI score 6.7, EPSS 0.00731

CVE, added 2024/02/01 5:15 p.m., 39 views

CVE-2024-24570

Statamic is a Laravel and Git powered CMS. HTML files crafted to look like jpg files are able to be uploaded, allowing for XSS. This affects the front-end forms with asset fields without any mime type validation, asset fields in the control panel, and asset browser in the control panel. Additionall...

CVSS 8.2, AI score 6.3, EPSS 0.01027

CVE, added 2024/11/19 5:15 p.m., 36 views

CVE-2024-52600

Statamic is a Laravel and Git powered content management system (CMS). Prior to version 5.17.0, assets uploaded with appropriately crafted filenames may result in them being placed in a location different than what was configured. The issue affects front-end forms with assets fields and other plac...

CVSS 5.3, AI score 5.2, EPSS 0.00131

CVE, added 2023/07/05 10:15 p.m., 26 views

CVE-2023-36828

Statamic is a flat-first, Laravel and Git powered content management system. Prior to version 4.10.0, the SVG tag does not sanitize malicious SVG. Therefore, an attacker can exploit this vulnerability to perform cross-site scripting attacks using SVG, even when using the sanitize function. Version ...

CVSS 5.5, AI score 5.2, EPSS 0.00236