Statamic CMS is a Laravel and Git powered content management system (CMS). Prior to versions 3.4.15 and 4.36.0, HTML files crafted to look like images may be uploaded regardless of MIME validation. This is only applicable on front-end forms using the "Forms" feature containing an assets field, or within the control panel, which requires authentication. This issue has been patched in 3.4.15 and 4.36.0.
References
| Link | Resource |
|---|---|
| https://github.com/statamic/cms/releases/tag/v3.4.15 | Release Notes |
| https://github.com/statamic/cms/releases/tag/v4.36.0 | Release Notes |
| https://github.com/statamic/cms/security/advisories/GHSA-8jjh-j3c2-cjcv | Vendor Advisory |
History
21 Nov 2024, 08:32
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/statamic/cms/releases/tag/v3.4.15 - Release Notes | |
| References | () https://github.com/statamic/cms/releases/tag/v4.36.0 - Release Notes | |
| References | () https://github.com/statamic/cms/security/advisories/GHSA-8jjh-j3c2-cjcv - Vendor Advisory | |
| CVSS | v2 : v3 : | v2 : unknown; v3 : 7.5 |
30 Nov 2023, 05:39
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS | v2 : v3 : | v2 : unknown; v3 : 6.1 |
| First Time | Statamic statamic; Statamic | |
| CPE | cpe:2.3:a:statamic:statamic:*:*:*:*:*:*:*:* | |
| References | () https://github.com/statamic/cms/releases/tag/v4.36.0 - Release Notes | |
| References | () https://github.com/statamic/cms/releases/tag/v3.4.15 - Release Notes | |
| References | () https://github.com/statamic/cms/security/advisories/GHSA-8jjh-j3c2-cjcv - Vendor Advisory | |
21 Nov 2023, 23:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |
Information
Published : 2023-11-21 23:15
Updated : 2024-11-21 08:32
NVD link : CVE-2023-48701
Mitre link : CVE-2023-48701
CVE.ORG link : CVE-2023-48701
Products Affected
statamic
- statamic
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')