62 matches found
CVE-2022-0743
Cross-site Scripting XSS - Stored in GitHub repository getgrav/grav prior to 1.7.31...
CVE-2022-0743
Summary: CVE-2022-0743 is a stored XSS vulnerability in the Grav CMS (GitHub repo getgrav/grav) affecting versions prior to 1.7.31. The issue arises from insufficient input validation/output handling that allows injected scripts to be stored and later executed by users. Public references (NVD, Re...
CVE-2022-0743 Cross-site Scripting (XSS) - Stored in getgrav/grav
Cross-site Scripting XSS - Stored in GitHub repository getgrav/grav prior to 1.7.31...
CVE-2022-0743 Cross-site Scripting (XSS) - Stored in getgrav/grav
Cross-site Scripting XSS - Stored in GitHub repository getgrav/grav prior to 1.7.31...
Cross-site Scripting (XSS)
getgrav/grav is vulnerable to cross-site scripting XSS attacks. Insufficient checks in detectXss allow remote attackers to inject and execute arbitrary javascript code in the victim's browser...
CVE-2022-0268
Cross-site Scripting XSS - Stored in Packagist getgrav/grav prior to 1.7.28...
CVE-2022-0268
Cross-site Scripting XSS - Stored in Packagist getgrav/grav prior to 1.7.28...
Cross site scripting
Cross-site Scripting XSS - Stored in Packagist getgrav/grav prior to 1.7.28...
CVE-2022-0268 Cross-site Scripting (XSS) - Stored in getgrav/grav
Cross-site Scripting XSS - Stored in Packagist getgrav/grav prior to 1.7.28...
CVE-2022-0268
CVE-2022-0268 is an XSS vulnerability in Grav prior to 1.7.28, stored in Packagist getgrav/grav. Root cause: insufficient input validation/escaping allows a low-privilege user to inject arbitrary JavaScript when creating a page. Affects Grav versions
CVE-2022-0268 Cross-site Scripting (XSS) - Stored in getgrav/grav
Cross-site Scripting XSS - Stored in Packagist getgrav/grav prior to 1.7.28...
Cross-site Scripting (XSS) - Stored in getgrav/grav
Description Stored XSS is a vulnerability in which the attacker can execute arbitrary javascript code in the victim's browser. The XSS payload is stored in a webpage and it gets executed whenever someone visits that webpage. I used &58 instead of : in the href attribute of tag to bypass the xss...
Path Traversal
getgrav/grav is vulnerable to path traversal. An attacker can traverse the file system to access files or directories when using bin/grav server...
CVE-2021-3924 Path Traversal in getgrav/grav
grav is vulnerable to Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal'...
Cross-Site Scripting (XSS)
getgrav/grav is vulnerable to cross-site scripting. This is due to improper encoding of the tags, which allows an attacker to insert and execute malicious javascript...
CVE-2021-3904 Cross-site Scripting (XSS) - Stored in getgrav/grav
grav is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
Cookies Validation Bypass
getgrav/grav is vulnerable to cookies validation bypass. Setting cookies to be accessible from the root context path using Session::setFlashCookieObject exposes the cookie to all web applications on the domain...
in getgrav/grav-plugin-admin
āļø Description It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. šµļøāāļø Proof of Concept š„ Impact According to PortSwigger references, it is possible for a page controlled by an attacker...
Cross-Site Scripting (XSS)
getgrav/grav is vulnerable to cross-site scripting XSS. A user with the ability to edit pages is able to inject and execute malicious code due to insecure default security configuration when using Admin plugin to edit pages...
Open Redirect
getgrav/grav is vulnerable to open redirect. The vulnerability exists because the function redirect in Common/Grav.php does not validate the internal route parameter route and redirect to another location, allowing attackers to provide a malicious route to a location or file...