13 matches found
PT-2026-37274
Name of the Vulnerable Software and Affected Versions: Grav versions prior to 2.0.0-beta.2. Description: A path traversal issue exists within the FormFlash core component. An unauthenticated attacker can manipulate the session id passed via the form-flash-id parameter in POST requests to traverse th...
GHSA-J7RW-325J-2RMX Duplicate Advisory: Grav has Insecure Deserialization in File Cache
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-gwfr-jfjf-92vv. This link is maintained to preserve external references. Original Description: A vulnerability was found in Grav CMS up to 1.7.49.5/2.0.0-beta.1. Affected by this vulnerability is the function...
EUVD-2025-203400
In grav 1.7.49.5, an SSRF (Server-Side Request Forgery) vector may be triggered via Twig templates when page content is processed by Twig and the configuration allows undefined PHP functions to be registered...
Grav may be vulnerable to SSRF attack via Twig Templates
In grav 1.7.49.5, an SSRF (Server-Side Request Forgery) vector may be triggered via Twig templates when page content is processed by Twig and the configuration allows undefined PHP functions to be registered...
CVE-2025-66843
grav before v1.7.49.5 has a Stored Cross-Site Scripting (Stored XSS) vulnerability in the page editing functionality. An authenticated low-privileged user with permission to edit content can inject malicious JavaScript payloads into editable fields. The payload is stored on the server and later...
CVE-2025-66843
Grav, prior to v1.7.49.5, is affected by a Stored XSS in the page editing feature. An authenticated, low-privilege user with edit permissions can inject JavaScript into editable fields; the payload is stored server-side and executed when other users view or edit the affected page. Affected versio...
Grav security vulnerability
Grav is an open-source, scalable CMS (Content Management System) for personal blogs, small content publishing platforms, and one-page product displays. A security vulnerability exists in Grav versions prior to 1.7.49.5, which stems from improper handling of Twig templates and could lead t...
CVE-2025-63593
Grav CMS 1.7.49.5 is vulnerable to Cross-Site Scripting (XSS)...
PT-2025-44792
Name of the Vulnerable Software and Affected Versions: Grav CMS version 1.7.49.5. Description: Grav CMS version 1.7.49.5 is susceptible to Cross-Site Scripting (XSS). This allows for the injection of malicious scripts into web pages viewed by other users. Recommendations: At the moment, there is no...
CVE-2025-63593
Grav CMS 1.7.49.5 is reported as vulnerable to Cross-Site Scripting (XSS). The CNVD/Red Hat/NVD entries describe an XSS that arises from insufficient filtering/escaping of user-supplied data, enabling execution of arbitrary scripts in a user’s browser. The XSS affects Grav’s input handling and is...