11 matches found
CVE-2025-66468
The Aimeos GrapesJS CMS extension provides page editor for creating content pages based on extensible components. Prior to 2021.10.8, 2022.10.8, 2023.10.8, 2024.10.8, and 2025.10.8, Javascript code can be injected by malicious editors for a stored XSS attack if the standard Content Security Polic...
EUVD-2025-200307
Aimeos GrapesJS CMS extension has possible stored XSS that's exploitable by authenticated editors...
Aimeos GrapesJS CMS extension has possible stored XSS that's exploitable by authenticated editors
Impact Javascript code can be injected by malicious editors for a stored XSS attack if the standard Content Security Policy is disabled. Workaround If the standard CSP rules are active default in production mode, an exploit isn't possible. Credits Lwin Min Oo...
GHSA-424M-FJ2Q-G7VG Aimeos GrapesJS CMS extension has possible stored XSS that's exploitable by authenticated editors
Impact Javascript code can be injected by malicious editors for a stored XSS attack if the standard Content Security Policy is disabled. Workaround If the standard CSP rules are active default in production mode, an exploit isn't possible. Credits Lwin Min Oo...
Aimeos GrapesJS CMS extension has possible stored XSS that's exploitable by authenticated editors
Javascript code can be injected by malicious editors for a stored XSS attack if the standard Content Security Policy is disabled...
Cross-site Scripting (XSS)
Overview aimeos/ai-cms-grapesjs is an Aimeos GrapesJS CMS extension Affected versions of this package are vulnerable to Cross-site Scripting XSS via the authenticated editors. An attacker can execute arbitrary JavaScript code in the context of other users by injecting malicious scripts when the...
CVE-2025-66468
The Aimeos GrapesJS CMS extension provides page editor for creating content pages based on extensible components. Prior to 2021.10.8, 2022.10.8, 2023.10.8, 2024.10.8, and 2025.10.8, Javascript code can be injected by malicious editors for a stored XSS attack if the standard Content Security Polic...
CVE-2025-66468 Aimeos GrapesJS CMS extension possible stores XSS exploitable by authenticated editors
The Aimeos GrapesJS CMS extension provides page editor for creating content pages based on extensible components. Prior to 2021.10.8, 2022.10.8, 2023.10.8, 2024.10.8, and 2025.10.8, Javascript code can be injected by malicious editors for a stored XSS attack if the standard Content Security Polic...
CVE-2025-66468 Aimeos GrapesJS CMS extension possible stores XSS exploitable by authenticated editors
The Aimeos GrapesJS CMS extension provides page editor for creating content pages based on extensible components. Prior to 2021.10.8, 2022.10.8, 2023.10.8, 2024.10.8, and 2025.10.8, Javascript code can be injected by malicious editors for a stored XSS attack if the standard Content Security Polic...
CVE-2025-66468
The CVE-2025-66468 issue concerns the Aimeos GrapesJS CMS extension. Affected versions prior to 2021.10.8, 2022.10.8, 2023.10.8, 2024.10.8, and 2025.10.8 allow Javascript injection by authenticated editors resulting in a stored XSS when the standard CSP is disabled. The vulnerability is fixed in ...
CVE-2025-66468 Aimeos GrapesJS CMS extension possible stores XSS exploitable by authenticated editors
The Aimeos GrapesJS CMS extension provides page editor for creating content pages based on extensible components. Prior to 2021.10.8, 2022.10.8, 2023.10.8, 2024.10.8, and 2025.10.8, Javascript code can be injected by malicious editors for a stored XSS attack if the standard Content Security Polic...