Statamic CMS Stored Cross-Site Scripting Vulnerability Allowing Privilege Escalation

Vulnerability

A stored cross-site scripting vulnerability has been identified in Statamic CMS versions from 6.0.0 up to, but not including, 6.2.3. This issue allows authenticated users with content creation permissions to inject malicious JavaScript into content titles. The injected script executes when the content is viewed by users with higher privileges. Exploitation of this vulnerability could lead to the creation of super admin accounts.

Impact

Exploitation of this vulnerability allows for privilege escalation, enabling the creation of super admin accounts.

Remediation

Users can upgrade to Statamic CMS version 6.2.3 or later to address this vulnerability.
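
One way to check a deployment against the affected range stated above (an added example, not code from Statamic or from this advisory). It assumes the CMS is installed through Composer under the package name statamic/cms and that the project's composer.lock is available; the sample lock file below is constructed.

```python
import json
import re

AFFECTED_MIN = (6, 0, 0)   # first affected release, per the advisory
FIXED_IN = (6, 2, 3)       # first fixed release, per the advisory
PACKAGE = "statamic/cms"   # assumption: Composer package name of Statamic CMS


def parse_version(raw):
    """Return (major, minor, patch) for 'v6.2.1' or '6.2.1'.

    Anything else (dev branches, pre-releases) returns None so that it is
    flagged for manual review instead of being silently classified.
    """
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", raw.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def check_lockfile(lock_text):
    """Classify composer.lock content; returns (status, locked_version)."""
    lock = json.loads(lock_text)
    packages = (lock.get("packages") or []) + (lock.get("packages-dev") or [])
    for pkg in packages:
        if pkg.get("name", "").lower() != PACKAGE:
            continue
        locked = pkg.get("version", "")
        version = parse_version(locked)
        if version is None:
            return "unknown", locked
        affected = AFFECTED_MIN <= version < FIXED_IN
        return ("affected" if affected else "not-affected"), locked
    return "not-installed", None


# Constructed sample composer.lock content (not from a real project).
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "example/other-package", "version": "1.4.0"},
        {"name": "statamic/cms", "version": "v6.1.0"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    print(check_lockfile(SAMPLE_LOCK))
```

A result of "unknown" means the locked version is a branch or pre-release that cannot be compared against the range and should be reviewed by hand.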

Added: Feb 11, 2026, 9:25 PM
Updated: Feb 11, 2026, 9:25 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 5.4
exploitability: 5.4
remediation: 7.7
relevance: 2.9
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.