Statamic
CVE-2024-24570
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
Statamic is a Laravel and Git powered CMS. HTML files crafted to look like jpg files are able to be uploaded, allowing for XSS. This affects the front-end forms with asset fields without any mime type validation, asset fields in the control panel, and asset browser in the control panel. Additionally, if the XSS is crafted in a specific way, the "copy password reset link" feature may be exploited to gain access to a user's password reset token and gain access to their account. The authorized user is required to execute the XSS in order for the vulnerability to occur. In versions 4.46.0 and 3.4.17, the XSS vulnerability has been patched, and the copy password reset link functionality has been disabled.
AnalysisAI
Statamic is a Laravel and Git powered CMS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Statamic is a Laravel and Git powered CMS. HTML files crafted to look like jpg files are able to be uploaded, allowing for XSS. This affects the front-end forms with asset fields without any mime type validation, asset fields in the control panel, and asset browser in the control panel. Additionally, if the XSS is crafted in a specific way, the "copy password reset link" feature may be exploited to gain access to a user's password reset token and gain access to their account. The authorized user is required to execute the XSS in order for the vulnerability to occur. In versions 4.46.0 and 3.4.17, the XSS vulnerability has been patched, and the copy password reset link functionality has been disabled. Affected products include: Statamic.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.
Statmic is a core Laravel content management system Composer package. Rated critical severity (CVSS 9.8), this vulnerabi
Statamic is a flat-first, Laravel and Git powered content management system. Rated medium severity (CVSS 5.4), this vuln
Password reset poisoning in Statamic CMS before 6.3.3/5.73.10 allows attackers to steal password reset tokens by manipul
Statamic framework before 2.6.0 does not correctly check a session's permissions when the methods from a user's class ar
Authenticated Statamic CMS users (versions 6.0.0-6.3.x) can bypass privilege escalation verification checks to gain unau
Statamic is a flat-first, Laravel + Git powered CMS designed for building websites. Rated high severity (CVSS 8.8), this
Statamic 2.10.3 allows XSS via First Name or Last Name to the /users URI in an 'Add new user' request. Rated medium seve
Statmatic is a Laravel and Git powered content management system (CMS). [CVSS 8.7 HIGH]
Authenticated users with content creation permissions in Statamic CMS versions 6.0.0 through 6.2.2 can inject persistent
Versions 5.73.8 and below in addition to 6.0.0-alpha.1 versions up to 6.3.1 is affected by cross-site scripting (xss) (C
Remote code execution in Statmatic CMS versions prior to 5.73.11 and 6.4.0 allows authenticated users with control panel
Statmatic is a Laravel and Git powered content management system (CMS). [CVSS 6.8 MEDIUM]
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today