{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T06:44:10.374","vulnerabilities":[{"cve":{"id":"CVE-2026-25759","sourceIdentifier":"security-advisories@github.com","published":"2026-02-11T21:16:19.097","lastModified":"2026-02-18T19:37:29.220","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Statmatic is a Laravel and Git powered content management system (CMS). From 6.0.0 to before 6.2.3, a stored XSS vulnerability in content titles allows authenticated users with content creation permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. Malicious user must have an account with control panel access and content creation permissions. This vulnerability can be exploited to allow super admin accounts to be created. This has been fixed in 6.2.3."},{"lang":"es","value":"Statmatic es un sistema de gestión de contenido (CMS) impulsado por Laravel y Git. Desde la 6.0.0 hasta antes de la 6.2.3, una vulnerabilidad de XSS almacenado en los títulos de contenido permite a usuarios autenticados con permisos de creación de contenido inyectar JavaScript malicioso que se ejecuta cuando es visto por usuarios con mayores privilegios. El usuario malicioso debe tener una cuenta con acceso al panel de control y permisos de creación de contenido. Esta vulnerabilidad puede ser explotada para permitir la creación de cuentas de superadministrador. Esto ha sido corregido en la 6.2.3."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":5.8}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:statamic:statamic:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.0","versionEndExcluding":"6.2.3","matchCriteriaId":"08046306-6614-476F-A450-B90A03160915"}]}]}],"references":[{"url":"https://github.com/statamic/cms/commit/6ed4f65f3387686d6dbd816e9b4f18a8d9736ff6","source":"security-advisories@github.com","tags":["Patch","Product"]},{"url":"https://github.com/statamic/cms/releases/tag/v6.2.3","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/statamic/cms/security/advisories/GHSA-ff9r-ww9c-43x8","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}