PT-2026-50597 · Packagist · Filament/Forms
Publicado
2026-06-17
·
Atualizado
2026-06-17
·
CVE-2026-55409
CVSS v3.1
7.6
Alta
| Vetor | AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N |
In Filament v3, a disabled
RichEditor field rendered its raw state without sanitizing HTML. Where the data stored in this field's state isn't sanitized already when the form state was filled, an attacker could plant malicious HTML or JavaScript and achieve XSS that executes for users who view the form.Please note that Filament v4 and above does not use the same mechanism for rendering a disabled
RichEditor so this advisory does not apply.Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Filament/Forms