Security: statamic/cms
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
- Password confirmation stored in plain text via registration form (GHSA-qvpj-w7xj-r6w9), published May 30, 2024 by jasonvarga. Severity: Low
- Account takeover via XSS and password reset link (GHSA-vqxq-hvxw-9mv9), published Feb 1, 2024 by jasonvarga. Severity: High
- XSS via uploaded assets (GHSA-8jjh-j3c2-cjcv), published Nov 21, 2023 by jasonvarga. Severity: High
- Remote code execution via form uploads (GHSA-2r53-9295-3m86), published Nov 14, 2023 by jasonvarga. Severity: High
- Remote code execution via front-end form uploads (GHSA-72hg-5wr5-rmfc), published Nov 10, 2023 by jasonvarga. Severity: High
- Antlers sanitizer cannot effectively sanitize malicious SVG (GHSA-6r5g-cq4q-327g), published Jul 5, 2023 by jasonvarga. Severity: Moderate
- Discoverability of user password hash via REST API (GHSA-qcgx-7p5f-hxvr), published Mar 25, 2022 by jasonvarga. Severity: Low