CVE-2020-9322 Information
Aug 09, 2025
cve
Description
The /users endpoint in Statamic Core before 2.11.8 allows XSS to add an administrator user. This can be exploited via CSRF. Stored XSS can occur via a JavaScript payload in a username during account registration. Reflected XSS can occur via the /users PATH_INFO.
Reference
https://gist.github.com/kernelsndrs/86b78e869d481566223914ec7d4fc881 https://statamic.com/changelog#2.11.18 https://web.archive.org/web/20200304174034/www.statamic.com/changelog#2.11.18
Related CNNVD
CNNVD-202508-724 (Published: 2025-08-08)
Share on: