Lucene search
+L

62 matches found

NVD
NVD
•added 2022/02/28 11:15 p.m.•22 views

CVE-2022-0743

Cross-site Scripting XSS - Stored in GitHub repository getgrav/grav prior to 1.7.31...

4.6CVSS0.01343EPSS
Exploits1References2
CVE
CVE
•added 2022/02/28 11:0 p.m.•118 views

CVE-2022-0743

Summary: CVE-2022-0743 is a stored XSS vulnerability in the Grav CMS (GitHub repo getgrav/grav) affecting versions prior to 1.7.31. The issue arises from insufficient input validation/output handling that allows injected scripts to be stored and later executed by users. Public references (NVD, Re...

4.6CVSS4.5AI score0.01343EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
•added 2022/02/28 11:0 p.m.•24 views

CVE-2022-0743 Cross-site Scripting (XSS) - Stored in getgrav/grav

Cross-site Scripting XSS - Stored in GitHub repository getgrav/grav prior to 1.7.31...

4.6CVSS4.8AI score0.01343EPSS
Exploits1References2
OSV
OSV
•added 2022/02/28 11:0 p.m.•20 views

CVE-2022-0743 Cross-site Scripting (XSS) - Stored in getgrav/grav

Cross-site Scripting XSS - Stored in GitHub repository getgrav/grav prior to 1.7.31...

4.6CVSS4.7AI score0.01343EPSS
Exploits1References4
Veracode
Veracode
•added 2022/01/26 3:5 a.m.•16 views

Cross-site Scripting (XSS)

getgrav/grav is vulnerable to cross-site scripting XSS attacks. Insufficient checks in detectXss allow remote attackers to inject and execute arbitrary javascript code in the victim's browser...

5.4CVSS5.9AI score0.01416EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
•added 2022/01/25 11:15 a.m.•7 views

CVE-2022-0268

Cross-site Scripting XSS - Stored in Packagist getgrav/grav prior to 1.7.28...

5.7CVSS5.9AI score0.01416EPSS
Exploits1References3
NVD
NVD
•added 2022/01/25 11:15 a.m.•22 views

CVE-2022-0268

Cross-site Scripting XSS - Stored in Packagist getgrav/grav prior to 1.7.28...

5.7CVSS0.01416EPSS
Exploits1References2
Prion
Prion
•added 2022/01/25 11:15 a.m.•10 views

Cross site scripting

Cross-site Scripting XSS - Stored in Packagist getgrav/grav prior to 1.7.28...

3.5CVSS5.2AI score0.01416EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
•added 2022/01/25 10:40 a.m.•24 views

CVE-2022-0268 Cross-site Scripting (XSS) - Stored in getgrav/grav

Cross-site Scripting XSS - Stored in Packagist getgrav/grav prior to 1.7.28...

5.7CVSS5.4AI score0.01416EPSS
Exploits1References2
CVE
CVE
•added 2022/01/25 10:40 a.m.•62 views

CVE-2022-0268

CVE-2022-0268 is an XSS vulnerability in Grav prior to 1.7.28, stored in Packagist getgrav/grav. Root cause: insufficient input validation/escaping allows a low-privilege user to inject arbitrary JavaScript when creating a page. Affects Grav versions

5.7CVSS5.1AI score0.01416EPSS
Exploits1References2Affected Software1
OSV
OSV
•added 2022/01/25 10:40 a.m.•18 views

CVE-2022-0268 Cross-site Scripting (XSS) - Stored in getgrav/grav

Cross-site Scripting XSS - Stored in Packagist getgrav/grav prior to 1.7.28...

5.7CVSS5.7AI score0.01416EPSS
Exploits1References4
Huntr
Huntr
•added 2022/01/02 10:1 p.m.•22 views

Cross-site Scripting (XSS) - Stored in getgrav/grav

Description Stored XSS is a vulnerability in which the attacker can execute arbitrary javascript code in the victim's browser. The XSS payload is stored in a webpage and it gets executed whenever someone visits that webpage. I used &58 instead of : in the href attribute of tag to bypass the xss...

3.5CVSS1.2AI score0.01416EPSS
Exploits1
Veracode
Veracode
•added 2021/11/08 3:16 a.m.•16 views

Path Traversal

getgrav/grav is vulnerable to path traversal. An attacker can traverse the file system to access files or directories when using bin/grav server...

7.5CVSS4.9AI score0.04224EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
•added 2021/11/05 2:50 p.m.•22 views

CVE-2021-3924 Path Traversal in getgrav/grav

grav is vulnerable to Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal'...

8.8CVSS7.7AI score0.04224EPSS
Exploits1References2
Veracode
Veracode
•added 2021/10/28 3:41 a.m.•15 views

Cross-Site Scripting (XSS)

getgrav/grav is vulnerable to cross-site scripting. This is due to improper encoding of the tags, which allows an attacker to insert and execute malicious javascript...

5.4CVSS2.5AI score0.00573EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
•added 2021/10/27 9:10 p.m.•31 views

CVE-2021-3904 Cross-site Scripting (XSS) - Stored in getgrav/grav

grav is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

6.3CVSS5.7AI score0.00573EPSS
Exploits1References2
Veracode
Veracode
•added 2021/09/28 6:46 a.m.•4 views

Cookies Validation Bypass

getgrav/grav is vulnerable to cookies validation bypass. Setting cookies to be accessible from the root context path using Session::setFlashCookieObject exposes the cookie to all web applications on the domain...

5.3CVSS6.7AI score0.02374EPSS
Exploits1References2Affected Software1
Huntr
Huntr
•added 2021/08/23 3:56 p.m.•18 views

in getgrav/grav-plugin-admin

āœļø Description It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. šŸ•µļøā€ā™‚ļø Proof of Concept šŸ’„ Impact According to PortSwigger references, it is possible for a page controlled by an attacker...

5.8CVSS1.3AI score0.01547EPSS
Exploits1References1
Veracode
Veracode
•added 2020/12/14 8:31 a.m.•7 views

Cross-Site Scripting (XSS)

getgrav/grav is vulnerable to cross-site scripting XSS. A user with the ability to edit pages is able to inject and execute malicious code due to insecure default security configuration when using Admin plugin to edit pages...

1.6AI score
Exploits0
Veracode
Veracode
•added 2020/04/06 1:55 a.m.•17 views

Open Redirect

getgrav/grav is vulnerable to open redirect. The vulnerability exists because the function redirect in Common/Grav.php does not validate the internal route parameter route and redirect to another location, allowing attackers to provide a malicious route to a location or file...

6.1CVSS4.7AI score0.10879EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder