Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-vqxq-hvxw-9mv9: Statmic CMS vulnerable to account takeover via XSS and password reset link

Impact

HTML files crafted to look like jpg files are able to be uploaded, allowing for XSS.

This affects:

  • front-end forms with asset fields without any mime type validation
  • asset fields in the control panel
  • asset browser in the control panel

Additionally, if the XSS is crafted in a specific way, the “copy password reset link” feature may be exploited to gain access to a user’s password reset token and gain access to their account. The authorized user is required to execute the XSS in order for the vulnerability to occur.

Patches

In versions 4.46.0 and 3.4.17, the XSS vulnerability has been patched, and the copy password reset link functionality has been disabled. (Users may still trigger password reset emails.)

Credits

Statamic thanks Niklas Schilling (discovery, analysis, coordination) from the SEC Consult Vulnerability Lab (https://www.sec-consult.com/) for responsibly reporting the identified issues and working with us as we addressed them.

ghsa
#xss#vulnerability#auth

Impact

HTML files crafted to look like jpg files are able to be uploaded, allowing for XSS.

This affects:

  • front-end forms with asset fields without any mime type validation
  • asset fields in the control panel
  • asset browser in the control panel

Additionally, if the XSS is crafted in a specific way, the “copy password reset link” feature may be exploited to gain access to a user’s password reset token and gain access to their account. The authorized user is required to execute the XSS in order for the vulnerability to occur.

Patches

In versions 4.46.0 and 3.4.17, the XSS vulnerability has been patched, and the copy password reset link functionality has been disabled. (Users may still trigger password reset emails.)

Credits

Statamic thanks Niklas Schilling (discovery, analysis, coordination) from the SEC Consult Vulnerability Lab (https://www.sec-consult.com/) for responsibly reporting the identified issues and working with us as we addressed them.

References

  • GHSA-vqxq-hvxw-9mv9
  • https://nvd.nist.gov/vuln/detail/CVE-2024-24570

Related news

Statamic CMS Cross Site Scripting

Statamic CMS versions prior to 4.46.0 and 3.4.17 suffer from multiple persistent cross site scripting vulnerabilities.

ghsa: Latest News

GHSA-8gc2-vq6m-rwjw: Amazon Redshift Python Connector vulnerable to SQL Injection