CVE-2024-24570 Information
Feb 02, 2024
cve
Description
Statamic is a Laravel and Git powered CMS. HTML files crafted to look like jpg files are able to be uploaded, allowing for XSS. This affects the front-end forms with asset fields without any mime type validation, asset fields in the control panel, and the asset browser in the control panel. Additionally if the XSS is crafted in a specific way the

## Reference

https://github.com/statamic/cms/security/advisories/GHSA-vqxq-hvxw-9mv9