Grav is a scalable CMS (content management system) for personal blogs, small content publishing platforms, and single-page product displays. cross-site scripting vulnerabilities exist in versions prior to Grav 1.7.31, which stem from the program’s lack of data validation filtering of user-supplied data and output. An attacker could use this vulnerability to execute JavaScript code on the client side.