216.73.216.86

CVE-2026-33172

· Published 20/03/2026 22:16 · Modified 20/03/2026 22:16

Labels: CVE-2026-33172 2026-03-20CVE-2026-33172CWE-79[email protected]

Essential information

Published
20/03/2026 22:16
Modified
20/03/2026 22:16
Author
Creator
CVSS
8.7 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

CVSS metrics

Description

Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.14 and 6.7.0, a stored XSS vulnerability in SVG asset reuploads allows authenticated users with asset upload permissions to bypass SVG sanitization and inject malicious JavaScript that executes when the asset is viewed. This has been fixed in 5.73.14 and 6.7.0.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
statamic / statamic cpe:2.3:a:statamic:statamic:<5.73.14:*:*:*:*:*:*
statamic / statamic cpe:2.3:a:statamic:statamic:<6.7.0:*:*:*:*:*:*

References