GHSA-C2Q3-P4JR-C55F Grav Vulnerable to XSS via Taxonomy Field Values in Admin Panel
Summary A Stored Cross-Site Scripting XSS vulnerability exists in the Grav CMS Form plugin's select field template. Taxonomy tag and category values are rendered with the Twig |raw filter in the admin panel, bypassing the global autoescape protection. An editor-level user can inject arbitrary...