AIKIDO-2024-10382

statamic/cms is vulnerable to Cross-site Scripting (XSS)

35

Low

statamic/cms php

AIKIDO-2024-10382: statamic/cms is vulnerable to Cross-site Scripting (XSS) in versions 3.4.0 - 4.45.0.

Cross-site Scripting (XSS)
Vuln in 3.4.0 - 4.45.0
Fixed in 4.46.0
No CVE available
TL;DR

Affected versions of this package are vulnerable to cross-site scripting (XSS). When an SVG file is uploaded, it is not sanitized and could contain dangerous content.

Who does this affect?

You're affected if you are using a version of statamic/cms within the vulnerable range (3.4.0 - 4.45.0).

How can it be fixed?

Upgrade the statamic/cms library to the patched version, 4.46.0.
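To check SVG files already sitting in an asset directory for the kind of content the TL;DR describes, the following added example (not Statamic's code and not the 4.46.0 fix) flags active constructs in an SVG. The list of flagged elements and attributes is an assumption about what "dangerous content" covers, and the sample documents are constructed.

```python
import pathlib
import re
import sys
import xml.etree.ElementTree as ET

# Assumed set of SVG constructs that can run or embed active content.
ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object"}
URL_ATTRS = {"href", "src"}
SCRIPT_URL = re.compile(r"^\s*(javascript:|vbscript:|data:text/html)", re.I)

# Constructed sample inputs (inert placeholders, not taken from the advisory).
CLEAN = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>'
ACTIVE = (b'<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">'
          b'<script>/* constructed */</script><rect onload="x()"/>'
          b'<a xlink:href="javascript:void(0)"><text>t</text></a></svg>')

def local(name):
    # Strip the XML namespace: '{ns}tag' -> 'tag', lower-cased.
    return name.rsplit("}", 1)[-1].lower()

def audit_svg(data: bytes):
    """Return a list of findings for one SVG document (empty list = nothing flagged)."""
    # Flag DTDs without parsing them: uploads do not need entity declarations.
    if re.search(rb"<!(DOCTYPE|ENTITY)", data, re.I):
        return ["doctype-or-entity-declaration"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["unparseable-xml"]
    findings = []
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"element:{tag}")
        for attr, value in el.attrib.items():
            name = local(attr)
            if name.startswith("on"):  # onload, onclick, ...
                findings.append(f"event-handler:{tag}@{name}")
            elif name in URL_ATTRS and SCRIPT_URL.match(value):
                findings.append(f"script-url:{tag}@{name}")
    return findings

if __name__ == "__main__":
    # The directory to scan is passed as the first argument by the operator.
    for path in pathlib.Path(sys.argv[1]).rglob("*.svg"):
        hits = audit_svg(path.read_bytes())
        if hits:
            print(path, ", ".join(hits))
```

This is a heuristic audit for review, not a sanitizer: a file with no findings has only passed these specific checks.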
