2 matches found
CVE-2025-66300
Grav is a file-based CMS affected by CVE-2025-66300. A low-privilege user with page-editing rights could exploit path traversal via the Frontmatter form to read server files, including Grav user accounts located at /grav/user/accounts/*.yaml, exposing password hashes, 2FA secrets, and password-re...
CVE-2022-1298
The Tabs WordPress plugin before 2.2.8 does not sanitise and escape Tab descriptions, which could allow high privileged users with a role as low as editor to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...