4 matches found
Cross-Site Scripting (XSS)
getgrav/grav is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to insufficient input validation in the datareadableName parameter of the /admin/accounts/groups/Grupo endpoint, which allows an attacker to inject and store malicious scripts that execute when the affected pa...
GHSA-RMW5-F87R-W988 Grav Admin Plugin is vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/accounts/groups/[group]` parameter `data[readableName]`
Summary A Stored Cross-Site Scripting XSS vulnerability was identified in the /admin/accounts/groups/Grupo endpoint of the Grav application. This vulnerability allows attackers to inject malicious scripts into the datareadableName parameter. The injected scripts are stored on the server and...
Grav Admin Plugin is vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/accounts/groups/[group]` parameter `data[readableName]`
Summary A Stored Cross-Site Scripting XSS vulnerability was identified in the /admin/accounts/groups/Grupo endpoint of the Grav application. This vulnerability allows attackers to inject malicious scripts into the datareadableName parameter. The injected scripts are stored on the server and...
CVE-2025-66312
The CVE-2025-66312 pertains to Grav Admin Plugin, where a Stored XSS vulnerability existed in the /admin/accounts/groups/Grupo endpoint via the data[readableName] field. The issue allowed injected scripts to be stored on the server and executed when affected pages load. It affects Grav’s admin in...