Grav is a scalable CMS (content management system) for personal blogs, small content publishing platforms, and single-page product displays. cross-site scripting vulnerabilities exist in versions prior to Grav 1.7.33, which stem from the application’s lack of filtering and escaping of user data. An attacker could use this vulnerability to execute JavaScript code on the client side.