216.73.216.86

CVE-2026-28426

· Published 27/02/2026 23:16 · Modified 27/02/2026 23:16

Labels: CVE-2026-28426 2026-02-27CVE-2026-28426CWE-79[email protected]

Essential information

Published
27/02/2026 23:16
Modified
27/02/2026 23:16
Author
Creator
CVSS
8.7 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

CVSS metrics

Description

Statmatic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.11 and 6.4.0, stored XSS vulnerability in svg and icon related components allow authenticated users with appropriate permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. This has been fixed in 5.73.11 and 6.4.0.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
statmatic / statmatic cpe:2.3:a:statmatic:statmatic:<5.73.11:*:*:*:*:*:*:*
statmatic / statmatic cpe:2.3:a:statmatic:statmatic:<6.4.0:*:*:*:*:*:*:*

References