Description

Filament is a collection of full-stack components for accelerated Laravel development. Versions 4.0.0 through 4.8.4 and 5.0.0 through 5.3.4 have two Filament Table summarizers (Range, Values) that render raw database values without escaping HTML. If there is a lack of validation for the data in the columns that use these summarizers, an attacker could plant malicious HTML / JavaScript and achieve stored XSS that executes for users who view the table with those summarizers. This issue has been patched in versions 4.8.5 and 5.3.5.

INFO

Published Date :

2026-03-20T08:58:45.360Z

Last Modified :

2026-03-20T08:58:45.360Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-33080 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-33080.

URL Resource
https://github.com/filamentphp/filament/commit/efa041aeeb4b1a99acd48aaa05584993c926d1ed cve-icon cve-icon
https://github.com/filamentphp/filament/releases/tag/v4.8.5 cve-icon cve-icon
https://github.com/filamentphp/filament/releases/tag/v5.3.5 cve-icon cve-icon
https://github.com/filamentphp/filament/security/advisories/GHSA-vv3x-j2x5-36jc cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact