Home > Vulnerability Database > CVE-2023-48701

Mend.io Vulnerability Database

CVE-2023-48701

Date: November 21, 2023

Statamic CMS is a Laravel and Git powered content management system (CMS). Prior to versions 3.4.15 an 4.36.0, HTML files crafted to look like images may be uploaded regardless of mime validation. This is only applicable on front-end forms using the "Forms" feature containing an assets field, or within the control panel which requires authentication. This issue has been patched on 3.4.15 and 4.36.0.

Language: PHP

Severity Score

7.5

Related Resources (6)

Url: https://github.com/statamic/cms/releases/tag/v3.4.15

Url: https://github.com/statamic/cms/releases/tag/v4.36.0

Url: https://github.com/statamic/cms

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-48701

Url: https://github.com/statamic/cms/security/advisories/GHSA-8jjh-j3c2-cjcv

Url: https://www.mend.io/vulnerability-database/CVE-2023-48701

Severity Score

7.5

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-48701

Date: November 21, 2023

Language: PHP

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?