
4 matches found

Veracode
added 2025/12/13 6:44 a.m., 4 views

Cross-Site Scripting (XSS)

getgrav/grav is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper input sanitization in the /admin/config/site endpoint, which allows an attacker to inject malicious scripts via the data[taxonomies] parameter and execute them in users' browsers...

CVSS 6.8, AI score 6, EPSS 0.00182
Exploits 1, References 3, Affected Software 1
Github Security Blog
added 2025/12/02 1:23 a.m., 7 views

Grav Admin Plugin vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/config/site` parameter `data[taxonomies]`

Summary: A Stored Cross-Site Scripting (XSS) vulnerability was identified in the /admin/config/site endpoint of the Grav application. This vulnerability allows attackers to inject malicious scripts into the data[taxonomies] parameter. The injected payload is stored on the server and automatically...

CVSS 6.8, AI score 5.2, EPSS 0.00182
Exploits 1, References 4, Affected Software 1
Cvelist
added 2025/12/01 10:00 p.m., 5 views

CVE-2025-66308 Grav Admin Plugin vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/config/site` parameter `data[taxonomies]`

This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the /admin/config/site endpoint of the Grav application. This...

CVSS 6.8, EPSS 0.00182
Exploits 1, References 2
Positive Technologies
added 2025/12/01 12:00 a.m., 5 views

PT-2025-48567

Name of the Vulnerable Software and Affected Versions: Grav versions prior to 1.11.0-beta.1. Description: The admin plugin for Grav, an HTML user interface for configuring Grav and managing pages, contains a Stored Cross-Site Scripting (XSS) issue. This allows attackers to inject malicious scripts int...

CVSS 6.8, AI score 4.9, EPSS 0.00182
Exploits 1, References 6
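All four entries above describe the same pattern: a value submitted to an admin settings form (the data[taxonomies] field of /admin/config/site) is stored without sanitization and later rendered back into a page that other admins load. The JavaScript below is an added example that models that pattern and its fix; it is not code from Grav or its admin plugin (which are PHP/Twig). The settings store, the handler and renderer names, the taxonomy-name format, and the submitted form body are all hypothetical or constructed for the demonstration.

```javascript
// Added example, not Grav's code. Models a stored XSS through an admin
// settings field named data[taxonomies]: the value is persisted as-is and
// later interpolated into HTML. Every name below is hypothetical.

// Stand-in for the server-side site configuration (e.g. a YAML file).
const siteConfig = { taxonomies: [] };

// Vulnerable handler: whatever arrives in data[taxonomies] is stored verbatim.
function saveTaxonomies(formBody, config = siteConfig) {
  const raw = formBody["data[taxonomies]"] || "";
  config.taxonomies = raw.split(",").map((s) => s.trim()).filter(Boolean);
  return config.taxonomies;
}

// Vulnerable renderer: raw interpolation into HTML, so a stored payload
// becomes live markup in every browser that later loads the settings page.
function renderTaxonomiesUnsafe(config = siteConfig) {
  return "<ul>" + config.taxonomies.map((t) => `<li>${t}</li>`).join("") + "</ul>";
}

// HTML entity encoding for text and attribute contexts.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened renderer: encode on output. This is the fix that holds no matter
// what an earlier version stored in the config.
function renderTaxonomiesSafe(config = siteConfig) {
  return "<ul>" + config.taxonomies.map((t) => `<li>${escapeHtml(t)}</li>`).join("") + "</ul>";
}

// Defence in depth: also validate on input. The identifier format is an
// assumption for this example; reject anything that does not match before
// it reaches the config store.
const TAXONOMY_NAME = /^[a-z0-9_-]{1,64}$/i;
function saveTaxonomiesValidated(formBody, config = siteConfig) {
  const raw = formBody["data[taxonomies]"] || "";
  const names = raw.split(",").map((s) => s.trim()).filter(Boolean);
  const bad = names.filter((n) => !TAXONOMY_NAME.test(n));
  if (bad.length > 0) {
    throw new Error(`rejected taxonomy name(s): ${bad.map(escapeHtml).join(", ")}`);
  }
  config.taxonomies = names;
  return names;
}

// Constructed submission: two benign names plus a script tag.
const constructedSubmission = {
  "data[taxonomies]": "category, tag, <script>alert(document.cookie)</script>",
};

// Runs the vulnerable path and both renderers on the constructed input.
function demo() {
  const cfg = { taxonomies: [] };
  saveTaxonomies(constructedSubmission, cfg);
  return {
    stored: cfg.taxonomies,
    unsafe: renderTaxonomiesUnsafe(cfg),
    safe: renderTaxonomiesSafe(cfg),
  };
}

console.log(demo());
```

The unsafe renderer emits the stored `<script>` element unchanged, which is the point at which the stored payload runs in an admin's browser; the safe renderer emits `&lt;script&gt;...`, which the browser displays as text. Input validation alone is not a substitute: it narrows what can be stored, but only output encoding (or a templating engine with autoescaping left on) protects pages that render values already present in the configuration.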