33 matches found

Positive Technologies
added 2026/05/05 12:00 a.m. · 24 views

PT-2026-37278

Name of the Vulnerable Software and Affected Versions: Grav versions prior to 2.0.0-beta.2. Description: A stored Cross-Site Scripting (XSS) issue allows publisher-level accounts to execute arbitrary JavaScript. The problem is caused by a blacklist bypass in the detectXss function, which fails to...

CVSS 8.5 · AI score 6.1 · EPSS 0.00238
Exploits 1 · References 8
EUVD
added 2025/10/03 8:07 p.m. · 7 views

EUVD-2022-0492

Malicious code in bioql PyPI...

CVSS 5.7 · AI score 5.6 · EPSS 0.01416
Exploits 1 · References 4
RedhatCVE
added 2025/02/05 9:19 p.m. · 6 views

CVE-2022-2073

Code Injection in GitHub repository getgrav/grav prior to 1.7.34...

CVSS 9.1 · AI score 7 · EPSS 0.10385
Exploits 2 · References 1
Veracode
added 2024/03/26 12:41 p.m. · 17 views

Arbitrary Code Execution

getgrav/grav is vulnerable to Arbitrary Code Execution. This vulnerability is due to improper validation of accessible functions through the Utils::isDangerousFunction and the lack of restrictions on twig functions like twigarraymap, allowing attackers to bypass the validation and execute arbitra...

CVSS 8.8 · AI score 7.6 · EPSS 0.01381
Exploits 1 · References 2 · Affected Software 1
Veracode
added 2024/03/07 10:30 a.m. · 14 views

Insufficient Permission Validation

getgrav/grav is vulnerable to Insufficient Permission Validation. The vulnerability is due to enabling regular users with page creation privileges to access the Frontmatter feature when the datajsonheaderform parameter is included in the POST body while creating a page. The vulnerability is also...

CVSS 8.8 · AI score 7.4 · EPSS 0.01357
Exploits 1 · References 4 · Affected Software 1
Veracode
added 2023/06/21 2:06 a.m. · 8 views

Server-Side Template Injection (SSTI)

getgrav/grav is vulnerable to Server-Side Template Injection (SSTI). The vulnerability exists because the Filter function of GravExtension.php does not properly block the other built-in functions exposed by Twig's Core Extension, which allows an attacker to invoke arbitrary unsafe functions, leadin...

CVSS 8.8 · AI score 7.9 · EPSS 0.04515
Exploits 1 · References 7 · Affected Software 1
Veracode
added 2022/06/30 5:21 a.m. · 37 views

Remote Code Execution

getgrav/grav is vulnerable to remote code execution. An authenticated remote attacker is able to cause server side template injection via Twig which renders risky functions by default, such as system...

CVSS 7.2 · AI score 7.5 · EPSS 0.10385
Exploits 2 · References 3 · Affected Software 1
NVD
added 2022/06/29 7:15 p.m. · 29 views

CVE-2022-2073

Code Injection in GitHub repository getgrav/grav prior to 1.7.34...

CVSS 9.1 · EPSS 0.10385
Exploits 2 · References 2
Prion
added 2022/06/29 7:15 p.m. · 23 views

Code injection

Code Injection in GitHub repository getgrav/grav prior to 1.7.34...

CVSS 6.5 · AI score 7 · EPSS 0.10385
Exploits 2 · References 2 · Affected Software 1
Cvelist
added 2022/06/29 6:20 p.m. · 31 views

CVE-2022-2073 Code Injection in getgrav/grav

Code Injection in GitHub repository getgrav/grav prior to 1.7.34...

CVSS 9.1 · AI score 8.2 · EPSS 0.10385
Exploits 2 · References 2
CVE
added 2022/06/29 6:20 p.m. · 115 views

CVE-2022-2073

CVE-2022-2073 is a Grav SSTI vulnerability in getgrav/grav prior to 1.7.34 where the Twig filter function could be abused to trigger unsafe calls. Grav patched filter() in 1.7.34, but attackers could still abuse other Twig core filters (e.g., map/reduce) to reach remote code execution unless thos...

CVSS 9.1 · AI score 7.9 · EPSS 0.10385
Exploits 2 · References 2 · Affected Software 1
OSV
added 2022/06/29 6:20 p.m. · 16 views

CVE-2022-2073 Code Injection in getgrav/grav

Code Injection in GitHub repository getgrav/grav prior to 1.7.34...

CVSS 9.1 · AI score 8.1 · EPSS 0.10385
Exploits 2 · References 4
Positive Technologies
added 2022/06/29 12:00 a.m. · 4 views

PT-2022-14839 · Unknown · Getgrav/Grav

Name of the Vulnerable Software and Affected Versions: getgrav/grav versions prior to 1.7.34 Description: The issue concerns Server Side Template Injection via Twig, where Twig should not render dangerous functions by default, such as system. This is related to Code Injection in the GitHub...

CVSS 9.1 · AI score 8.1 · EPSS 0.10385
Exploits 2 · References 8
NVD
added 2022/04/26 4:15 p.m. · 27 views

CVE-2022-1173

Stored XSS in GitHub repository getgrav/grav prior to 1.7.33...

CVSS 8.2 · EPSS 0.01472
Exploits 1 · References 2
Prion
added 2022/04/26 4:15 p.m. · 12 views

Cross site scripting

Stored XSS in GitHub repository getgrav/grav prior to 1.7.33...

CVSS 3.5 · AI score 5.4 · EPSS 0.01472
Exploits 1 · References 2 · Affected Software 1
Veracode
added 2022/03/16 5:55 a.m. · 21 views

Cross-Site Scripting (XSS)

getgrav/grav is vulnerable to stored cross-site scripting. The vulnerability exists due to a lack of XSS validation for uploaded SVG files before they are stored, which allows an attacker to inject and execute arbitrary JavaScript...

CVSS 5.4 · AI score 2.9 · EPSS 0.01771
Exploits 1 · References 4 · Affected Software 1
ATTACKERKB
added 2022/03/15 5:15 p.m. · 6 views

CVE-2022-0970

Cross-site Scripting (XSS) - Stored in GitHub repository getgrav/grav prior to 1.7.31...

CVSS 7.1 · AI score 6.5 · EPSS 0.01771
Exploits 1 · References 3
OSV
added 2022/03/15 4:40 p.m. · 21 views

CVE-2022-0970 Cross-site Scripting (XSS) - Stored in getgrav/grav

Cross-site Scripting (XSS) - Stored in GitHub repository getgrav/grav prior to 1.7.31...

CVSS 7.1 · AI score 6.7 · EPSS 0.01771
Exploits 1 · References 4
NVD
added 2022/02/28 11:15 p.m. · 20 views

CVE-2022-0743

Cross-site Scripting (XSS) - Stored in GitHub repository getgrav/grav prior to 1.7.31...

CVSS 4.6 · EPSS 0.01343
Exploits 1 · References 2
Cvelist
added 2022/02/28 11:00 p.m. · 20 views

CVE-2022-0743 Cross-site Scripting (XSS) - Stored in getgrav/grav

Cross-site Scripting (XSS) - Stored in GitHub repository getgrav/grav prior to 1.7.31...

CVSS 4.6 · AI score 4.8 · EPSS 0.01343
Exploits 1 · References 2