Home > Vulnerability Database > CVE-2023-48701

Mend.io Vulnerability Database

CVE-2023-48701

Good to know:

Date: November 21, 2023

Statamic CMS is a Laravel and Git powered content management system (CMS). Prior to versions 3.4.15 an 4.36.0, HTML files crafted to look like images may be uploaded regardless of mime validation. This is only applicable on front-end forms using the "Forms" feature containing an assets field, or within the control panel which requires authentication. This issue has been patched on 3.4.15 and 4.36.0.

Language: PHP

Severity Score

7.5

Related Resources (6)

Url: https://github.com/statamic/cms/releases/tag/v3.4.15

Url: https://github.com/statamic/cms/releases/tag/v4.36.0

Url: https://github.com/statamic/cms

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-48701

Url: https://github.com/statamic/cms/security/advisories/GHSA-8jjh-j3c2-cjcv

Url: https://www.mend.io/vulnerability-database/CVE-2023-48701

Severity Score

7.5

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Top Fix

Upgrade Version

Upgrade to version v3.4.15,v4.36.0

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-48701

Good to know:

Date: November 21, 2023

Language: PHP

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?