CVE-2023-36828
CVSS V2 None
CVSS V3 None
Description
Statamic is a flat-first, Laravel and Git powered content management system. Prior to version 4.10.0, the `svg` tag does not sanitize malicious SVG markup before rendering it, so an attacker who can supply an SVG that the tag renders can perform cross-site scripting through it, even when the `sanitize` function is used. Version 4.10.0 contains a patch for this issue.
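Inline SVG is a full XML document that the browser treats as part of the page, so unsanitized SVG carries far more than `<script>` elements: `on*` event handlers on any element, `javascript:` targets in `href`/`xlink:href`, `<foreignObject>` wrapping arbitrary HTML, and SMIL elements such as `<set>` that can write attributes at runtime. The stand-alone Python example below is added here and is not Statamic code; it shows an allowlist-based sanitizer of the kind the advisory calls for, an upload-time scanner built on the same rules, and, for contrast, a hypothetical `strip_script_tags` filter that removes only `<script>` and therefore still passes a working XSS payload. The sample SVG is constructed for the example; function and constant names are my own.

```python
import re
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
XLINK_NS = "http://www.w3.org/1999/xlink"
XLINK_HREF = "{%s}href" % XLINK_NS

# Elements kept in the output. Anything else (script, foreignObject, set,
# animate, iframe, ...) is removed together with its whole subtree.
ALLOWED_ELEMENTS = {
    "svg", "g", "a", "path", "rect", "circle", "ellipse", "line", "polyline",
    "polygon", "text", "tspan", "defs", "use", "title", "desc",
    "linearGradient", "radialGradient", "stop", "clipPath", "mask",
}
# Attributes kept in the output. No on* handler and no "style" (it can carry
# url() references) is ever allowed; href values are checked separately.
ALLOWED_ATTRIBUTES = {
    "id", "class", "d", "x", "y", "x1", "y1", "x2", "y2", "cx", "cy", "r",
    "rx", "ry", "width", "height", "viewBox", "fill", "stroke", "stroke-width",
    "transform", "points", "opacity", "offset", "stop-color", "clip-path",
    "mask", "href", XLINK_HREF,
}
HREF_ATTRIBUTES = {"href", XLINK_HREF}


def _split(qname):
    """Return (namespace, local_name) for an ElementTree tag or attribute name."""
    if qname.startswith("{"):
        ns, _, local = qname[1:].partition("}")
        return ns, local
    return "", qname


def _safe_href(value):
    """Allow only same-document fragment references such as "#gradient";
    this rejects javascript:, data: and external URLs with one rule."""
    return value.startswith("#")


def _parse(svg_text):
    """Parse untrusted SVG, refusing DTDs so entity expansion is never reached."""
    if "<!DOCTYPE" in svg_text or "<!ENTITY" in svg_text:
        raise ValueError("DTD/entity declarations are not permitted")
    root = ET.fromstring(svg_text)  # raises ET.ParseError on malformed input
    if _split(root.tag) != (SVG_NS, "svg"):
        raise ValueError("root element is not <svg> in the SVG namespace")
    return root


def find_active_content(svg_text):
    """List scriptable content: disallowed elements, on* handlers, unsafe hrefs."""
    findings = []
    for elem in _parse(svg_text).iter():
        ns, local = _split(elem.tag)
        if ns != SVG_NS or local not in ALLOWED_ELEMENTS:
            findings.append("element:" + local)
        for attr, value in elem.attrib.items():
            _, alocal = _split(attr)
            if alocal.lower().startswith("on"):
                findings.append("attr:" + alocal)
            elif attr in HREF_ATTRIBUTES and not _safe_href(value):
                findings.append("href:" + value)
    return findings


def _clean(elem):
    """Drop disallowed attributes and children in place; True if elem itself stays."""
    ns, local = _split(elem.tag)
    if ns != SVG_NS or local not in ALLOWED_ELEMENTS:
        return False
    for attr in list(elem.attrib):
        _, alocal = _split(attr)
        if alocal.lower().startswith("on") or attr not in ALLOWED_ATTRIBUTES:
            del elem.attrib[attr]
        elif attr in HREF_ATTRIBUTES and not _safe_href(elem.attrib[attr]):
            del elem.attrib[attr]
    for child in list(elem):
        if not _clean(child):
            elem.remove(child)
    return True


def sanitize_svg(svg_text):
    """Return a serialized copy of svg_text containing only allowlisted content."""
    root = _parse(svg_text)
    _clean(root)
    ET.register_namespace("", SVG_NS)
    ET.register_namespace("xlink", XLINK_NS)
    return ET.tostring(root, encoding="unicode")


def is_safe_svg(svg_text):
    """Upload-time check: True only for well-formed SVG with no active content."""
    try:
        return not find_active_content(svg_text)
    except (ValueError, ET.ParseError):
        return False


def strip_script_tags(svg_text):
    """Hypothetical weak filter, for contrast only: removing <script> leaves
    event handlers, javascript: hrefs and foreignObject untouched."""
    return re.sub(r"<script\b.*?</script>", "", svg_text, flags=re.S | re.I)


# Constructed sample (not a real upload) carrying several independent XSS vectors.
MALICIOUS_SVG = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 100 100"
     onload="alert(document.domain)">
  <script>alert('xss')</script>
  <path d="M10 10 L90 90" stroke="black"/>
  <a xlink:href="javascript:alert(1)"><circle cx="50" cy="50" r="10"/></a>
  <foreignObject width="100" height="100">
    <body xmlns="http://www.w3.org/1999/xhtml"><img src="x" onerror="alert(2)"/></body>
  </foreignObject>
  <set attributeName="onmouseover" to="alert(3)"/>
</svg>"""

if __name__ == "__main__":
    print("findings:", find_active_content(MALICIOUS_SVG))
    print("still unsafe after strip_script_tags:", not is_safe_svg(strip_script_tags(MALICIOUS_SVG)))
    print(sanitize_svg(MALICIOUS_SVG))
```

Two points worth noting from the design: the sanitizer works on the parsed tree rather than on the text, so encoding tricks and case variations that defeat regex filters never reach the output, and `href` is restricted to fragment references rather than blocklisting `javascript:`, which also closes `data:` URIs and external loads. The same allowlists drive `is_safe_svg`, so a site can reject unsafe uploads at the control panel and still sanitize at render time as defence in depth.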
Overview
- CVE ID: CVE-2023-36828
- Assigner: GitHub_M
- Vulnerability Status: PUBLISHED
- Published: 2023-07-05T21:30:06.196Z
- Last Modified: 2023-07-05T21:30:06.196Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://github.com/statamic/cms/security/advisories/GHSA-6r5g-cq4q-327g | x_refsource_CONFIRM |
https://github.com/statamic/cms/pull/8408 | x_refsource_MISC |
https://github.com/statamic/cms/commit/c714893ad92de6e5ede17b501003441af505b30d | x_refsource_MISC |
https://github.com/statamic/cms/blob/f806b6b007ddcf066082eef175653c5beaa96d60/src/Http/Controllers/CP/Fieldtypes/FilesFieldtypeController.php#L15 | x_refsource_MISC |
https://github.com/statamic/cms/blob/f806b6b007ddcf066082eef175653c5beaa96d60/src/Tags/Svg.php#L36-L40 | x_refsource_MISC |
https://github.com/statamic/cms/releases/tag/v4.10.0 | x_refsource_MISC |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-36828 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36828 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-06-25 16:56:07 | | | | Added to TrackCVE |