CNNVD-202602-1825 Information

Feb 11, 2026 cve

CNNVD ID

CNNVD-202602-1825

CVE-2026-25759

  • CNNVD Published: 2026-02-11

Description (Chinese)

Statamic是美国Statamic公司的一个基于 Laravel 构建的强大的平面文件 Cms。用于将所有内容、模板、资产和设置存储在文件而不是数据库中。 Statamic 6.0.0至6.2.3之前版本存在跨站脚本漏洞,该漏洞源于内容标题中存在存储型跨站脚本,可能导致经过身份验证的用户注入恶意JavaScript。

Description (English)

Statamic is a powerful plane file based on Laravel, a United States company Statamic, Cms. To store all content, templates, assets and settings in a file rather than a database. The previous version of Statamic 6.0.0 to 6.2.3 had a cross-site script loophole, which stemmed from the existence of a stored cross-site script in the content title, which could result in the introduction of malicious JavaScript by an identified user.

Vulnerability Type

跨站脚本

Affected Vendor

Statamic

Published

2026-02-11

Last Modified

2026-02-24

References

https://github.com/statamic/cms/commit/6ed4f65f3387686d6dbd816e9b4f18a8d9736ff6 https://github.com/statamic/cms/releases/tag/v6.2.3 https://github.com/statamic/cms/security/advisories/GHSA-ff9r-ww9c-43x8

Patch

https://github.com/statamic/cms/releases

Share on: