Lucene search
K

6 matches found

CVE
CVE
added 2026/07/08 1:49 p.m.12 views

CVE-2026-58657

Grav before 2.0.0 (through 2.0.0-rc.9 and the 2.0 branch) contains a stored CSS injection in the Markdown image resize() action. In Excerpts::processMediaActions(), the resize() path writes caller-controlled values directly into the image’s styleAttributes. A low-priv content editor who can edit ...

4.8CVSS6.1AI score0.00217EPSS
Exploits0References4
OSV
OSV
added 2026/07/08 1:49 p.m.4 views

CVE-2026-58657 Grav - Stored CSS Injection via Markdown Image resize() Action

Grav before 2.0.0 affected through 2.0.0-rc.9 and the 2.0 branch contains a stored CSS injection vulnerability in the Markdown image resize media action. Prior media hardening rejects direct ?style= payloads and unsafe attribute fallbacks, but the resize action in Excerpts::processMediaActions...

4.8CVSS6.2AI score0.00217EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-4708

Malicious code in bioql PyPI...

5.4CVSS5.7AI score0.0054EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/24 5:18 p.m.25 views

Image Resizer Cross-site Scripting (XSS) in the Bulk Resize action

An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There is stored XSS in the Bulk Resize action...

5.4CVSS6AI score0.0054EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2020/05/25 5:15 p.m.16 views

CVE-2020-13459

An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There is stored XSS in the Bulk Resize action...

5.4CVSS5.8AI score
Exploits0References1
Prion
Prion
added 2020/05/25 5:15 p.m.13 views

Cross site scripting

An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There is stored XSS in the Bulk Resize action...

3.5CVSS5.2AI score0.0054EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder