Improper Access Control
getgrav/grav-plugin-api is vulnerable to Improper Access Control. The vulnerability is due to an insecure direct object reference and flawed permission update logic in UsersController::update, which allows an attacker to escalate privileges to Super Administrator and gain full system access...
Exploit for Improper Access Control in Getgrav Grav-Plugin-Admin
CVE-2021-21425 - GravCMS Unauthenticated RCE Unauthenticated...
CVE-2026-44737 grav-plugin-admin: Stored Cross-Site Scripting (XSS) Reflected endpoint /admin/pages/[page], parameter data[header][title]
grav-plugin-admin, the admin plugin for Grav, is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.10.49.5, the application fails to properly validate and sanitize user input in the data[header][title] parameter. As a result,...
CVE-2026-44737
Grav grav-plugin-admin is affected by a XSS in the /admin/pages/[page] endpoint, via data[header][title], reported before upgrading to 1.10.49.5. The vulnerability arises from improper validation/sanitization of the data[header][title] parameter, leading to an injected script being reflected in t...
Grav-Plugin-Admin Cross-Site Scripting Vulnerability
Grav-Plugin-Admin is an administrative plugin developed by Grav, an open-source project. It is used to configure Grav pages. Versions of Grav-Plugin-Admin prior to 1.10.49.5 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper validation and cleaning of the...
GHSA-R945-H4VM-H736 Grav API Privilege Escalation to Super Admin
Summary: An insecure direct object reference and logic flaw in the Grav API plugin's UsersController::update allows any authenticated user with basic API access (api.access) to modify their own permission configuration. An attacker can exploit this to escalate their privileges to Super Administrator...
Exploit for Improper Access Control in Getgrav Grav-Plugin-Admin
CVE-2021-21425 source: https://www.exploi...
CVE-2021-3920
grav-plugin-admin is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
CVE-2021-3799
grav-plugin-admin is vulnerable to Improper Restriction of Rendered UI Layers or Frames...
Exploit for Improper Access Control in Getgrav Grav-Plugin-Admin
Exploit for: GravCMS 1.10.7 - Arbitrary YAML Write/...
Cross-site Scripting (XSS) - Stored in getgrav/grav-plugin-admin
Description: grav-plugin-admin 1.10.25 has a stored XSS vulnerability that is executed when the metadata of a file whose name contains JavaScript is shown. Proof of Concept: 1 - After installing grav+admin, browse to http://127.0.0.1/admin/pages/home. 2 - Create a file named as follows:...
Cross-site scripting
grav-plugin-admin is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
CVE-2021-3920
The CVE-2021-3920 entry concerns grav-plugin-admin for Grav CMS. The vulnerability is Improper Neutralization of Input During Web Page Generation (Cross-Site Scripting). The issue is a stored XSS in getgrav/grav-plugin-admin per the CVE record. Affected component: grav-plugin-admin plugin; root c...
CVE-2021-3920 Cross-site Scripting (XSS) - Stored in getgrav/grav-plugin-admin
grav-plugin-admin is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
CVE-2021-3799
grav-plugin-admin is vulnerable to Improper Restriction of Rendered UI Layers or Frames...
Input validation
grav-plugin-admin is vulnerable to Improper Restriction of Rendered UI Layers or Frames...
CVE-2021-3799 Improper Restriction of Rendered UI Layers or Frames in getgrav/grav-plugin-admin
grav-plugin-admin is vulnerable to Improper Restriction of Rendered UI Layers or Frames...
CVE-2021-3799
CVE-2021-3799 relates to grav-plugin-admin, where the vulnerability arises from improper restriction of rendered UI layers or frames. The connected documents consistently describe an admin UI access-control/UI-layer restriction flaw that can enable clickjacking due to missing frame protection hea...
Grav-Plugin-Admin Access Control Error Vulnerability
Grav-Plugin-Admin is an admin plugin. It is used to configure Grav pages. An Access Control Error vulnerability exists in grav-plugin-admin that stems from improper restrictions in the product's UI layer and framework...