GHSA-vv3x-j2x5-36jcHighCVSS 7.3

Filament Unvalidated Range and Values summarizer values can be used for XSS

Published
March 18, 2026
Last Modified
June 8, 2026

🔗 CVE IDs covered (1)

📋 Description

Two Table summarizers (Range, Values) render raw database values without escaping HTML. If there is a lack of validation for the data in the columns that use these summarizers, an attacker could plant malicious HTML / JavaScript and achieve stored XSS that executes for users who view the table with those summarizers.

🎯 Affected products2

  • composer/filament/tables:>= 4.0.0, < 4.8.5
  • composer/filament/tables:>= 5.0.0, < 5.3.5

🔗 References (6)