THREATINT
PUBLISHED

CVE-2020-9322



Description

The /users endpoint in Statamic Core before 2.11.8 allows XSS to add an administrator user. This can be exploited via CSRF. Stored XSS can occur via a JavaScript payload in a username during account registration. Reflected XSS can occur via the /users PATH_INFO.

Reserved 2020-02-20 | Published 2025-08-08 | Updated 2025-08-08 | Assigner mitre

References

statamic.com/changelog

gist.github.com/kernelsndrs/86b78e869d481566223914ec7d4fc881

web.archive.org/...20200304174034/www.statamic.com/changelog

cve.org (CVE-2020-9322)

nvd.nist.gov (CVE-2020-9322)
