Cross-site Scripting (XSS)
getgrav/grav is vulnerable to cross site scripting. The vulnerability exists due to lack of sanitization of regular expression in the detectXss function allowing an attacker to inject maliciously crafted script via the browser in onX events...