8 matches found
Grav 输入验证错误漏洞
Grav is a scalable content management system CMS developed by the Grav open-source community, suitable for use in personal blogs, small content publishing platforms, and single-page product displays. Prior to Grav 2.0.0-beta.2, there was a vulnerability related to input validation errors. This...
Grav 跨站脚本漏洞
Grav is a scalable content management system CMS developed by the Grav open-source community, suitable for use in personal blogs, small content publishing platforms, and single-page product displays. Prior to Grav 9.1.0, there was a cross-site scripting vulnerability. This vulnerability stemmed...
Improper Enforcement of a Single, Unique Action
Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Improper Enforcement of a Single, Unique Action through the user creation process. An attacker can remove administrative privileges and disrup...
CVE-2025-65186
Grav CMS 1.7.49 is vulnerable to Cross Site Scripting XSS. The page editor allows authenticated users to edit page content via a Markdown editor. The editor fails to properly sanitize...
Grav Resource Management Error Vulnerability
Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a resource management error vulnerability that stems from insufficient input cleanup, which can be exploited by an attacker to cause a...
CVE-2025-65186
Grav CMS 1.7.49 is vulnerable to Cross Site Scripting XSS. The page editor allows authenticated users to edit page content via a Markdown editor. The editor fails to properly sanitize tags, allowing stored XSS payloads to execute when pages are viewed in the admin interface...
CVE-2025-66300 Grav is vulnerable to Arbitrary File Read
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, A low privilege user account with page editing privilege can read any server files using "Frontmatter" form. This includes Grav user account files /grav/user/accounts/.yaml, which store hashed user password, 2FA secret, and the password...
PT-2023-24776 · Grav · Grav
Name of the Vulnerable Software and Affected Versions: Grav versions prior to 1.7.42 Description: Grav is a flat-file content management system with a logic flaw in the GravExtension.filterFilter function. This flaw allows validation against a denylist of unsafe functions to be skipped when an...