CVE Catalog

CVE-2026-48167

MediumCVSS 6.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.15%

4th percentile — higher than 4% of all known CVEs

Summary

Filament is a collection of components for accelerated Laravel development. From versions 4.0.0 to 4.11.5 and 5.6.5, the ImageColumn and ImageEntry components render raw database values without escaping HTML, potentially leading to XSS attacks.

Risk Assessment

The lack of validation for data passed to these components could allow an attacker to inject malicious HTML or JavaScript, resulting in stored XSS that executes for users viewing the table or schema.

Recommendation

It is recommended to upgrade to versions 4.11.5 or 5.6.5 to mitigate this vulnerability.

Original NVD description (English source)

Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, the ImageColumn and ImageEntry components render raw database values without escaping HTML. Where the data passed to these components isn't validated, an attacker could plant malicious HTML or JavaScript and achieve stored XSS that executes for users who view the table or schema. This vulnerability is fixed in 4.11.5 and 5.6.5.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS