Lucene search
K

8 matches found

NVD
NVD
added 2026/05/11 5:16 p.m.15 views

CVE-2026-44737

grav-plugin-admin is the admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.10.49.5, the application fails to properly validate and sanitize user input in the dataheadertitle parameter. As a result,...

6.2CVSS0.00256EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/11 3:52 p.m.8 views

CVE-2026-44737

grav-plugin-admin is the admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.10.49.5, the application fails to properly validate and sanitize user input in the dataheadertitle parameter. As a result,...

6.2CVSS5.8AI score0.00256EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/05/11 3:52 p.m.18 views

CVE-2026-44737

Grav grav-plugin-admin is affected by a XSS in the /admin/pages/[page] endpoint, via data[header][title], reported before upgrading to 1.10.49.5. The vulnerability arises from improper validation/sanitization of the data[header][title] parameter, leading to an injected script being reflected in t...

6.2CVSS5.8AI score0.00256EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

Grav-Plugin-Admin 跨站脚本漏洞

Grav-Plugin-Admin is an administrative plugin developed by Grav, an open-source project. It is used to configure Grav pages. Versions of Grav-Plugin-Admin prior to 1.10.49.5 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper validation and cleaning of the...

6.2CVSS5.6AI score0.00256EPSS
Exploits0References1
OSV
OSV
added 2026/05/08 7:38 p.m.4 views

GHSA-FMG2-F5R9-24QC Grav: Stored XSS via page title (data[header][title]) in admin panel

Summary A Stored Cross-Site Scripting XSS vulnerability was identified in the /admin/pages/page endpoint of the Grav application. This vulnerability allows attackers to inject malicious scripts into the dataheadertitle parameter. --- Details Vulnerable Endpoint: GET /admin/pages/page Parameter:...

6.2CVSS5.7AI score0.00256EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/08 7:38 p.m.8 views

Cross-site Scripting (XSS)

Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the dataheadertitle parameter in the admin panel. An attacker can execute arbitrary JavaScript code in the contex...

8.4CVSS5.8AI score0.00256EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/08 7:38 p.m.13 views

Grav: Stored XSS via page title (data[header][title]) in admin panel

Summary A Stored Cross-Site Scripting XSS vulnerability was identified in the /admin/pages/page endpoint of the Grav application. This vulnerability allows attackers to inject malicious scripts into the dataheadertitle parameter. --- Details Vulnerable Endpoint: GET /admin/pages/page Parameter:...

6.2CVSS5.7AI score0.00256EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.14 views

PT-2026-39296

Name of the Vulnerable Software and Affected Versions grav-plugin-admin versions prior to 1.10.49.5 Description The application fails to properly validate and sanitize user input in the dataheadertitle parameter. This allows attackers to craft a malicious URL containing a Cross-Site Scripting XSS...

6.2CVSS5.8AI score0.00256EPSS
Exploits0References5
Rows per page
Query Builder