QwikSec

Security Database

CVE

CWE

Training

CVE-2026-33080

Published: Mar 20, 2026

Modified: Mar 25, 2026

PUBLISHED

CVSS v3.1

7.3

HIGH

Description

Filament is a collection of full-stack components for accelerated Laravel development. Versions 4.0.0 through 4.8.4 and 5.0.0 through 5.3.4 have two Filament Table summarizers (Range, Values) that render raw database values without escaping HTML. If there is a lack of validation for the data in the columns that use these summarizers, an attacker could plant malicious HTML / JavaScript and achieve stored XSS that executes for users who view the table with those summarizers. This issue has been patched in versions 4.8.5 and 5.3.5.

Vendor	Product	Versions
filamentphp	filament	affected `>= 4.0.0, < 4.8.5` affected `>= 5.0.0, < 5.3.5`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

References

https://github.com/filamentphp/filament/security/advisories/GHSA-vv3x-j2x5-36jc

x_refsource_CONFIRM

https://github.com/filamentphp/filament/commit/efa041aeeb4b1a99acd48aaa05584993c926d1ed

x_refsource_MISC

https://github.com/filamentphp/filament/releases/tag/v4.8.5

x_refsource_MISC

https://github.com/filamentphp/filament/releases/tag/v5.3.5

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.