CNNVD-202510-4194 Information
CNNVD ID
CNNVD-202510-4194
Related CVE
- CNNVD Published: 2025-10-30
Description (Chinese)
Statamic是美国Statamic公司的一个基于 Laravel 构建的强大的平面文件 Cms。用于将所有内容、模板、资产和设置存储在文件而不是数据库中。 Statamic 5.22.1之前版本存在跨站脚本漏洞,该漏洞源于Collections和Taxonomies中存在存储型跨站脚本,可能导致恶意JavaScript代码执行。
Description (English)
Statamic is a powerful plane file based on Laravel, a United States company Statamic, Cms. To store all content, templates, assets and settings in a file rather than a database. The pre-Statamic 5.22.1 version has a cross-site script loophole, which stems from the existence of a storage-type cross-site script in Colletions and Taxonomers, which could lead to malicious JavaScript code execution.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
Statamic
Published
2025-10-30
Last Modified
2026-02-24
References
https://github.com/statamic/cms/commit/e513751f433679ce698606e20c554a0c839987c1 https://github.com/statamic/cms/security/advisories/GHSA-g59r-24g3-h7cm
Patch
https://github.com/statamic/cms/releases
Share on: