CVE-2026-33080
HIGH
GHSA-vv3x-j2x5-36jc
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Lifecycle Timeline
3Tags
Description
Two Filament Table summarizers (`Range`, `Values`) render raw database values without escaping HTML. If there is a lack of validation for the data in the columns that use these summarizers, an attacker could plant malicious HTML / JavaScript and achieve stored XSS that executes for users who view the table with those summarizers.
Analysis
A stored cross-site scripting (XSS) vulnerability exists in Filament Table's Range and Values summarizers, which render database values without HTML escaping. Affected products include filament_tables (Composer package), where an attacker with low privileges can inject malicious HTML or JavaScript into database columns used by these summarizers, executing arbitrary scripts when other users view the table. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: inventory all applications using filament_tables and assess whether Range/Values summarizers are active; disable these features if non-critical. Within 7 days: implement input validation and output encoding controls at the application layer; conduct risk assessment of affected data and user accounts. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today