CVE-2023-36828

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Jul 5, 2023

Updated: Jul 12, 2023

CWE ID 79

Summary

CVE-2023-36828 is a newly identified vulnerability affecting Statamic, a Laravel and Git-powered content management system. Before the release of version 4.10.0, Statamic failed to sanitize malicious SVG code, making it susceptible to cross-site scripting (XSS) attacks. An attacker could exploit this issue by injecting malicious SVG code, even when the `sanitize` function was used. The latest version, 4.10.0, includes a patch to mitigate this vulnerability and improve overall security.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Statamic

Affected Vendors

Statamic

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rzcVip
https://www.cve.org/CVERecord?id=CVE-2023-36828
https://nvd.nist.gov/vuln/detail/CVE-2023-36828

Back to Vulnerability Database