CVE-2026-32612

Sažetak

Statamic is a Laravel and Git powered content management system (CMS). Prior to 6.6.2, stored XSS in the control panel color mode preference allows authenticated users with control panel access to inject malicious JavaScript that executes when a higher-privileged user impersonates their account. This has been fixed in 6.6.2.

Reference

https://github.com/Shirshaw64p/security-advisories/tree/main/CVE-2026-32612
https://github.com/statamic/cms/security/advisories/GHSA-hcch-w73c-jp4m

CVSS

Base:	5.4
Impact:	2.7
Exploitability:	2.3

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Zadnje važnije ažuriranje

13-03-2026 - 19:55

Objavljeno

13-03-2026 - 19:55