Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-36828: Release v4.10.0 · statamic/cms

Statamic is a flat-first, Laravel and Git powered content management system. Prior to version 4.10.0, the SVG tag does not sanitize malicious SVG. Therefore, an attacker can exploit this vulnerability to perform cross-site scripting attacks using SVG, even when using the sanitize function. Version 4.10.0 contains a patch for this issue.

CVE
#xss#vulnerability#git#oauth#auth

Skip to content

Sign up

    • Actions

      Automate any workflow

    • Packages

      Host and manage packages

    • Security

      Find and fix vulnerabilities

    • Codespaces

      Instant dev environments

    • Copilot

      Write better code with AI

    • Code review

      Manage code changes

    • Issues

      Plan and track work

    • Discussions

      Collaborate outside of code

Explore

*   All features
*   Documentation
*   GitHub Skills
*   Blog
  • For

    • Enterprise
    • Teams
    • Startups
    • Education

    By Solution

    • CI/CD & Automation
    • DevOps
    • DevSecOps

    Case Studies

    • Customer Stories
    • Resources
    • GitHub Sponsors

      Fund open source developers

*   The ReadME Project
    
    GitHub community articles
    

Repositories

*   Topics
*   Trending
*   Collections
  • Pricing

  • In this repository All GitHub

  • No suggested jump to results

  • In this repository All GitHub

  • In this organization All GitHub

  • In this repository All GitHub

Sign in

Sign up

statamic / cms Public

  • Notifications
  • Fork 393
  • Star 2.8k
  • Code
  • Issues 437
  • Pull requests 51
  • Discussions
  • Actions
  • Projects
  • Security
  • Insights

More

  1. Releases
  2. v4.10.0

Latest

Latest

Compare

Choose a tag to compare

github-actions released this

05 Jul 16:34

v4.10.0

5261b3b

What’s new

  • Added sanitize param to the svg tag. #8408 by @jasonvarga

What’s improved

  • French translations. #8388 by @ebeauchamps

What’s fixed

  • Bring back the password reset link for non-OAuth sites. #8396 by @jackmcdade
  • Add some missing translation calls. #8387 by @ebeauchamps

Contributors

jackmcdade, jasonvarga, and ebeauchamps

Assets 4

Related news

GHSA-6r5g-cq4q-327g: Statamic's Antlers sanitizer cannot effectively sanitize malicious SVG

Antlers sanitizer cannot effectively sanitize malicious SVG ### Summary The SVG tag does not sanitize malicious SVG. Therefore, an attacker can exploit this vulnerability to perform XSS attacks using SVG, even when using the `sanitize` function. ### Details Regarding the previous discussion mentioned [here](https://github.com/statamic/cms/security/advisories/GHSA-jvw9-rrc5-39g6#advisory-comment-84322), it has been identified that the default blacklist in the **FilesFieldtypeController** (located at this [link](https://github.com/statamic/cms/blob/f806b6b007ddcf066082eef175653c5beaa96d60/src/Http/Controllers/CP/Fieldtypes/FilesFieldtypeController.php#L15)) only blocks certain file extensions such as php, php3, php4, php5, and phtml. This allows a malicious user to upload a manipulated SVG file disguised as a social media icon, potentially triggering an XSS vulnerability. ### PoC Screenshot ![image](https://user-images.githubusercontent.com/17494868/251093022-15f949e9-2014-4069-850b-8...

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907