6 matches found
CVE-2026-58657
Grav before 2.0.0 (through 2.0.0-rc.9 and the 2.0 branch) contains a stored CSS injection in the Markdown image resize() action. In Excerpts::processMediaActions(), the resize() path writes caller-controlled values directly into the image’s styleAttributes. A low-priv content editor who can edit ...
CVE-2026-58657 Grav - Stored CSS Injection via Markdown Image resize() Action
Grav before 2.0.0 affected through 2.0.0-rc.9 and the 2.0 branch contains a stored CSS injection vulnerability in the Markdown image resize media action. Prior media hardening rejects direct ?style= payloads and unsafe attribute fallbacks, but the resize action in Excerpts::processMediaActions...
EUVD-2022-4708
Malicious code in bioql PyPI...
Image Resizer Cross-site Scripting (XSS) in the Bulk Resize action
An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There is stored XSS in the Bulk Resize action...
CVE-2020-13459
An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There is stored XSS in the Bulk Resize action...
Cross site scripting
An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There is stored XSS in the Bulk Resize action...