Security Advisories - statamic/cms - Packagist

statamic/cms Security Advisories for v4.34.0 (3)

[MEDIUM] Statamic CMS has a Path Traversal in Asset Upload

PKSA-8gf5-xvpy-gbms CVE-2024-52600 GHSA-p7f6-8mcm-fwv3

Affected version: <=5.16.0

Reported by:
GitHub
[HIGH] Statmic CMS vulnerable to account takeover via XSS and password reset link

PKSA-8pw7-xndm-5j7f CVE-2024-24570 GHSA-vqxq-hvxw-9mv9

Affected version: <3.4.17|>=4.00,<4.46.0

Reported by:
GitHub
[HIGH] Cross-site Scripting via uploaded assets

PKSA-jwp2-xxh9-t8xp CVE-2023-48701 GHSA-8jjh-j3c2-cjcv

Affected version: >=4.0.0,<4.36.0|<3.4.15

Reported by:
GitHub