Git · Cms · CVE-2026-32612
**Name of the Vulnerable Software and Affected Versions**
Statamic versions prior to 6.6.2
**Description**
Statamic is a Laravel- and Git-powered content management system (CMS). A stored cross-site scripting (XSS) issue exists in the control panel color mode preference. It allows authenticated users with control panel access to inject malicious JavaScript, which executes when a higher-privileged user impersonates their account. The issue allows for potential privilege escalation.
**Recommendations**
Versions prior to 6.6.2 should be updated to version 6.6.2 or later.