
8 matches found

CNNVD
added 2026/05/11 12:0 a.m. | 10 views

Grav Input Validation Error Vulnerability

Grav is a scalable content management system (CMS) developed by the Grav open-source community, suitable for use in personal blogs, small content publishing platforms, and single-page product displays. Prior to Grav 2.0.0-beta.2, there was a vulnerability related to input validation errors. This...

9.4 CVSS | 5.8 AI score | 0.00939 EPSS
Exploits: 0 | References: 1

CNNVD
added 2026/05/11 12:0 a.m. | 7 views

Grav Cross-Site Scripting Vulnerability

Grav is a scalable content management system (CMS) developed by the Grav open-source community, suitable for use in personal blogs, small content publishing platforms, and single-page product displays. Prior to Grav 9.1.0, there was a cross-site scripting vulnerability. This vulnerability stemmed...

5.4 CVSS | 5.8 AI score | 0.0015 EPSS
Exploits: 0 | References: 1

Snyk
added 2026/05/05 9:29 p.m. | 6 views

Improper Enforcement of a Single, Unique Action

Overview: getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Improper Enforcement of a Single, Unique Action through the user creation process. An attacker can remove administrative privileges and disrup...

8.1 CVSS | 5.8 AI score | 0.00463 EPSS
Exploits: 1 | References: 5

RedhatCVE
added 2025/12/03 12:26 a.m. | 5 views

CVE-2025-65186

Grav CMS 1.7.49 is vulnerable to Cross Site Scripting (XSS). The page editor allows authenticated users to edit page content via a Markdown editor. The editor fails to properly sanitize...

6.1 CVSS | 6.3 AI score | 0.00184 EPSS
Exploits: 1 | References: 1

CNVD
added 2025/12/03 12:0 a.m. | 2 views

Grav Resource Management Error Vulnerability

Grav is an extensible CMS (Content Management System) for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a resource management error vulnerability that stems from insufficient input cleanup, which can be exploited by an attacker to cause a...

4.9 CVSS | 6.8 AI score | 0.00339 EPSS
Exploits: 1 | References: 1

Vulnrichment
added 2025/12/02 12:0 a.m. | 4 views

CVE-2025-65186

Grav CMS 1.7.49 is vulnerable to Cross Site Scripting (XSS). The page editor allows authenticated users to edit page content via a Markdown editor. The editor fails to properly sanitize tags, allowing stored XSS payloads to execute when pages are viewed in the admin interface...

5.4 AI score | 0.00184 EPSS
Exploits: 1 | References: 2

Cvelist
added 2025/12/01 9:19 p.m. | 5 views

CVE-2025-66300 Grav is vulnerable to Arbitrary File Read

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a low-privilege user account with page editing privilege can read any server files using the "Frontmatter" form. This includes Grav user account files /grav/user/accounts/.yaml, which store hashed user password, 2FA secret, and the password...

8.5 CVSS | 0.00397 EPSS
Exploits: 1 | References: 2

Positive Technologies
added 2023/06/14 12:0 a.m. | 6 views

PT-2023-24776 · Grav · Grav

Name of the Vulnerable Software and Affected Versions: Grav versions prior to 1.7.42
Description: Grav is a flat-file content management system with a logic flaw in the GravExtension.filterFilter function. This flaw allows validation against a denylist of unsafe functions to be skipped when an...

8.8 CVSS | 8.1 AI score | 0.02074 EPSS
Exploits: 1 | References: 13