7 matches found

Cvelist, added 2026/05/11 3:29 p.m., 26 views

CVE-2026-42842 grav-plugin-form: XSS via Taxonomy Field Values in Admin Panel

The form plugin for Grav adds the ability to create and use forms. Prior to 9.1.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Grav CMS Form plugin's select field template. Taxonomy tag and category values are rendered with the Twig |raw filter in the admin panel, bypassing the...

CVSS 5.4, EPSS 0.00029
Exploits: 0, References: 2
Snyk, added 2026/05/05 9:24 p.m., 2 views

Cross-site Scripting (XSS)

Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the rendering of taxonomy field values in the admin panel, where user-supplied input is output using the |raw filt...

CVSS 5.4, AI score 5.8, EPSS 0.00029
Exploits: 0, References: 2
Veracode, added 2025/12/13 6:53 a.m., 4 views

Cross-Site Scripting (XSS)

getgrav/grav is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to insufficient input validation in the /admin/pages/page endpoint, which allows an attacker to inject malicious scripts into page metadata and taxonomy fields that are stored and executed when the page is...

CVSS 6.2, AI score 5.9, EPSS 0.00024
Exploits: 1, References: 3, Affected software: 1
OSV, added 2024/10/22 8:15 a.m., 1 view

CVE-2024-9590

The Category and Taxonomy Meta Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image meta field value in the 'wpaftaddmetatextinput' function in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied...

CVSS 4.8, AI score 5.9
Exploits: 0, References: 2
OSV, added 2024/10/22 8:15 a.m., 0 views

CVE-2024-9588

The Category and Taxonomy Meta Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the 'wpaftoptionpage' function. This makes it possible for unauthenticated attackers to add and...

CVSS 5.4, AI score 5.6
Exploits: 0, References: 2
Drupal, added 2019/03/13 12:00 a.m., 6 views

Simple hierarchical select - Moderately critical - Cross site request forgery - SA-CONTRIB-2019-038

Simple hierarchical select defines a new form widget for taxonomy fields to select a term by "browsing" through the vocabularies hierarchy. It also allows users to create new taxonomy terms using its widget directly in the node form. Version 7.x of Simple hierarchical select doesn't sufficiently...

AI score 7
Exploits: 0, References: 4
Drupal, added 2008/06/25 12:00 a.m., 15 views

SA-2008-039 - Suggested terms - Cross site scripting

This module provides "suggested terms" for free-tagging Taxonomy fields based on terms already submitted. Taxonomy terms as presented in the clickable list are not properly sanitized. Users who are able to create new terms are able to insert arbitrary script code and HTML into certain edit pages...

AI score 7.2
Exploits: 0, References: 3