Cross-Site Scripting (XSS)
getgrav/grav is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper input sanitization in the /admin/config/site endpoint, which allows an attacker to inject malicious scripts via the datataxonomies parameter and execute them in users’ browsers...