Exploit for Improper Access Control in Getgrav Grav-Plugin-Admin
CVE-2021-21425 - GravCMS Unauthenticated RCE Unauthenticated...
CVE-2026-44737 grav-plugin-admin: Stored Cross-Site Scripting (XSS) Reflected endpoint /admin/pages/[page], parameter data[header][title]
grav-plugin-admin, the admin plugin for Grav, is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.10.49.5, the application fails to properly validate and sanitize user input in the data[header][title] parameter. As a result,...
CVE-2026-44737
Grav grav-plugin-admin is affected by an XSS in the /admin/pages/[page] endpoint, via data[header][title], reported before upgrading to 1.10.49.5. The vulnerability arises from improper validation/sanitization of the data[header][title] parameter, leading to an injected script being reflected in t...
CVE-2026-44737
grav-plugin-admin, the admin plugin for Grav, is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.10.49.5, the application fails to properly validate and sanitize user input in the data[header][title] parameter. As a result,...
Grav-Plugin-Admin Cross-Site Scripting Vulnerability
Grav-Plugin-Admin is an administrative plugin developed by Grav, an open-source project. It is used to configure Grav pages. Versions of Grav-Plugin-Admin prior to 1.10.49.5 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper validation and cleaning of the...
Exploit for Improper Access Control in Getgrav Grav-Plugin-Admin
CVE-2021-21425 source: https://www.exploi...
CVE-2021-3920
grav-plugin-admin is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
Exploit for Improper Access Control in Getgrav Grav-Plugin-Admin
Exploit for: GravCMS 1.10.7 - Arbitrary YAML Write/...
Cross-site Scripting (XSS) - Stored in getgrav/grav-plugin-admin
Description grav-plugin-admin 1.10.25 has a Stored-XSS vulnerability that is executed when metadata information of a file whose name contains javascript are shown. Proof of Concept 1 - After installing grav+admin browse to http://127.0.0.1/admin/pages/home. 2 - Create a file named as follows:...
Cross site scripting
grav-plugin-admin is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
CVE-2021-3920
The CVE-2021-3920 entry concerns grav-plugin-admin for Grav CMS. The vulnerability is Improper Neutralization of Input During Web Page Generation (Cross-Site Scripting). The issue is a stored XSS in getgrav/grav-plugin-admin per the CVE record. Affected component: grav-plugin-admin plugin; root c...
CVE-2021-3920 Cross-site Scripting (XSS) - Stored in getgrav/grav-plugin-admin
grav-plugin-admin is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
CVE-2021-3799
grav-plugin-admin is vulnerable to Improper Restriction of Rendered UI Layers or Frames...
Input validation
grav-plugin-admin is vulnerable to Improper Restriction of Rendered UI Layers or Frames...
CVE-2021-3799 Improper Restriction of Rendered UI Layers or Frames in getgrav/grav-plugin-admin
grav-plugin-admin is vulnerable to Improper Restriction of Rendered UI Layers or Frames...
CVE-2021-3799
CVE-2021-3799 relates to grav-plugin-admin, where the vulnerability arises from improper restriction of rendered UI layers or frames. The connected documents consistently describe an admin UI access-control/UI-layer restriction flaw that can enable clickjacking due to missing frame protection hea...
Grav-Plugin-Admin Access Control Error Vulnerability
Grav-Plugin-Admin is an admin plugin. It is used to configure Grav pages. An access control error vulnerability exists in grav-plugin-admin that stems from improper restriction of rendered UI layers or frames in the product...
in getgrav/grav-plugin-admin
Description: It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. Proof of Concept / Impact: According to PortSwigger references, it is possible for a page controlled by an attacker...