exploitDog

GHSA-v2qm-4x3j-gc57

Опубликовано: 08 авг. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 8.8

Описание

The /users endpoint in Statamic Core before 2.11.8 allows XSS to add an administrator user. This can be exploited via CSRF. Stored XSS can occur via a JavaScript payload in a username during account registration. Reflected XSS can occur via the /users PATH_INFO.

The /users endpoint in Statamic Core before 2.11.8 allows XSS to add an administrator user. This can be exploited via CSRF. Stored XSS can occur via a JavaScript payload in a username during account registration. Reflected XSS can occur via the /users PATH_INFO.

Ссылки

EPSS

Процентиль: 6%

0.00023

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2020-9322

CVSS3: 8.8

nvd

6 месяцев назад

The /users endpoint in Statamic Core before 2.11.8 allows XSS to add an administrator user. This can be exploited via CSRF. Stored XSS can occur via a JavaScript payload in a username during account registration. Reflected XSS can occur via the /users PATH_INFO.

EPSS

Процентиль: 6%

0.00023

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-79