CVE-2026-48167: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in filamentphp filament
FilamentPHP's filament package versions from 4.0.0 up to but not including 4.11.5, and from versions before 5.6.5, contain a stored cross-site scripting (XSS) vulnerability. The ImageColumn and ImageEntry components render raw database values without escaping HTML, allowing attackers to inject malicious scripts if input validation is insufficient. This vulnerability is fixed starting in versions 4.11.5 and 5.6.5.
AI Analysis
Technical Summary
The filament package for Laravel development versions 4.0.0 through 4.11.4 and versions prior to 5.6.5 have a stored cross-site scripting vulnerability (CWE-79) in the ImageColumn and ImageEntry components. These components render raw database values without HTML escaping, which can lead to stored XSS if untrusted data is passed without validation. The vulnerability allows an attacker to inject malicious HTML or JavaScript that executes in the context of users viewing the affected components. The issue is resolved in filament versions 4.11.5 and 5.6.5.
Potential Impact
Successful exploitation results in stored cross-site scripting, enabling attackers to execute arbitrary scripts in the browsers of users who view the affected tables or schemas. This can lead to information disclosure and limited integrity impact. There is no impact on availability. The CVSS 3.1 base score is 6.4 (medium severity) with network attack vector, low attack complexity, low privileges required, no user interaction, and scope changed.
Mitigation Recommendations
A fix is available in filament versions 4.11.5 and 5.6.5. Users should upgrade to these or later versions to remediate the vulnerability. Until upgraded, ensure that any data passed to ImageColumn and ImageEntry components is properly validated and sanitized to prevent injection of malicious HTML or JavaScript.
CVE-2026-48167: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in filamentphp filament
Description
FilamentPHP's filament package versions from 4.0.0 up to but not including 4.11.5, and from versions before 5.6.5, contain a stored cross-site scripting (XSS) vulnerability. The ImageColumn and ImageEntry components render raw database values without escaping HTML, allowing attackers to inject malicious scripts if input validation is insufficient. This vulnerability is fixed starting in versions 4.11.5 and 5.6.5.
CVSS v3.1
Score 6.4medium
Affected software
pkg:composer/filamentphp/filamentRun on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The filament package for Laravel development versions 4.0.0 through 4.11.4 and versions prior to 5.6.5 have a stored cross-site scripting vulnerability (CWE-79) in the ImageColumn and ImageEntry components. These components render raw database values without HTML escaping, which can lead to stored XSS if untrusted data is passed without validation. The vulnerability allows an attacker to inject malicious HTML or JavaScript that executes in the context of users viewing the affected components. The issue is resolved in filament versions 4.11.5 and 5.6.5.
Potential Impact
Successful exploitation results in stored cross-site scripting, enabling attackers to execute arbitrary scripts in the browsers of users who view the affected tables or schemas. This can lead to information disclosure and limited integrity impact. There is no impact on availability. The CVSS 3.1 base score is 6.4 (medium severity) with network attack vector, low attack complexity, low privileges required, no user interaction, and scope changed.
Mitigation Recommendations
A fix is available in filament versions 4.11.5 and 5.6.5. Users should upgrade to these or later versions to remediate the vulnerability. Until upgraded, ensure that any data passed to ImageColumn and ImageEntry components is properly validated and sanitized to prevent injection of malicious HTML or JavaScript.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-05-20T23:12:43.032Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a39b299eed863c81e7e85d1
Added to database: 06/22/2026, 22:09:29 UTC
Last enriched: 06/22/2026, 22:24:34 UTC
Last updated: 06/23/2026, 01:50:44 UTC
Views: 8
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.