4 matches found
CVE-2019-16126
Grav through 1.6.15 allows Stored Cross-Site Scripting due to JavaScript execution in SVG images...
CVE-2019-16126
Grav through 1.6.15 allows Stored Cross-Site Scripting due to JavaScript execution in SVG images...
CVE-2019-16126
Grav through 1.6.15 allows Stored Cross-Site Scripting due to JavaScript execution in SVG images...
CVE-2019-16126
CVE-2019-16126 affects Grav up to 1.6.15 and describes a Stored Cross-Site Scripting (XSS) vulnerability caused by JavaScript execution in SVG images. The cited sources consistently indicate that uploading or handling SVG content can lead to arbitrary script execution in a victim’s browser, enabl...