Dan Harrin

3 exploits Active since Sep 2024
CVE-2026-33080 WRITEUP HIGH WRITEUP
Filament Tables 4.x and 5.x - Stored Cross-Site Scripting
Filament is a collection of full-stack components for accelerated Laravel development. Versions 4.0.0 through 4.8.4 and 5.0.0 through 5.3.4 have two Filament Table summarizers (Range, Values) that render raw database values without escaping HTML. If there is a lack of validation for the data in the columns that use these summarizers, an attacker could plant malicious HTML / JavaScript and achieve stored XSS that executes for users who view the table with those summarizers. This issue has been patched in versions 4.8.5 and 5.3.5.
CVSS 7.3
CVE-2024-47186 WRITEUP MEDIUM WRITEUP
Filament 3.0.0-3.2.114 - Cross-Site Scripting in ColorColumn and ColumnEntry
Filament is a collection of full-stack components for Laravel development. Versions of Filament from v3.0.0 through v3.2.114 are affected by a cross-site scripting (XSS) vulnerability. If values passed to a `ColorColumn` or `ColumnEntry` are not valid and contain a specific set of characters, applications are vulnerable to XSS attack against a user who opens a page on which a color column or entry is rendered. Filament v3.2.115 fixes this issue.
CVSS 6.1
CVE-2025-67507 WRITEUP HIGH WRITEUP
filament 4.0.0-4.3.0 - Authentication Bypass via Recovery Code Reuse
Filament is a collection of full-stack components for accelerated Laravel development. Versions 4.0.0 through 4.3.0 contain a flaw in the handling of recovery codes for app-based multi-factor authentication, allowing the same recovery code to be reused indefinitely. This issue does not affect email-based MFA. It also only applies when recovery codes are enabled. This issue is fixed in version 4.3.1.
CVSS 8.1