Search Results (24 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-47129 | 1 Statamic | 1 Statamic | 2024-11-21 | 8.4 High |
| Statamic is a core Laravel content management system Composer package. Prior to versions 3.4.13 and 4.33.0, on front-end forms with an asset upload field, PHP files crafted to look like images may be uploaded. This only affects forms using the "Forms" feature and not just _any_ arbitrary form. This does not affect the control panel. This issue has been patched in 3.4.13 and 4.33.0. | ||||
| CVE-2023-36828 | 1 Statamic | 2 Cms, Statamic | 2024-11-21 | 5.5 Medium |
| Statamic is a flat-first, Laravel and Git powered content management system. Prior to version 4.10.0, the SVG tag does not sanitize malicious SVG. Therefore, an attacker can exploit this vulnerability to perform cross-site scripting attacks using SVG, even when using the `sanitize` function. Version 4.10.0 contains a patch for this issue. | ||||
| CVE-2021-45364 | 1 Statamic | 1 Statamic | 2024-11-21 | 9.8 Critical |
| A code execution vulnerability exists in Statamic versions through 3.2.26 via SettingsController.php. NOTE: the vendor indicates that there was an error in publishing this CVE Record, and that all parties agree that the affected code was not used in any Statamic product. | ||||
| CVE-2018-19598 | 1 Statamic | 1 Statamic | 2024-11-21 | N/A |
| Statamic 2.10.3 allows XSS via First Name or Last Name to the /users URI in an 'Add new user' request. | ||||