| purl | pkg:composer/statamic/cms@6.0.0 |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-9yv7-85t6-mkcj (Aliases: CVE-2026-27939, GHSA-rw9x-pxqx-q789) | Statamic allows Authenticated Control Panel users to escalate privileges via elevated session bypass. Authenticated Control Panel users may, under certain conditions, obtain elevated privileges without completing the intended verification step. This can allow access to sensitive operations and, depending on the user’s existing permissions, may lead to privilege escalation. | Affected by 0 other vulnerabilities. |
| VCID-qvu2-q7a8-b3gv (Aliases: CVE-2026-25759, GHSA-ff9r-ww9c-43x8) | Statamic CMS vulnerable to privilege escalation via stored cross-site scripting. A stored XSS vulnerability in content titles allows authenticated users with content creation permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. The malicious user must have an account with control panel access and content creation permissions. This vulnerability can be exploited to allow super admin accounts to be created. | Affected by 0 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-02T04:50:58.706250+00:00 | GitLab Importer | Affected by | VCID-9yv7-85t6-mkcj | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/statamic/cms/CVE-2026-27939.yml | 38.6.0 |
| 2026-06-02T04:50:04.677761+00:00 | GitLab Importer | Affected by | VCID-qvu2-q7a8-b3gv | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/statamic/cms/CVE-2026-25759.yml | 38.6.0 |