Lucene search
K

4 matches found

Cvelist
Cvelist
added 2026/05/11 3:52 p.m.35 views

CVE-2026-44737 grav-plugin-admin: Stored Cross-Site Scripting (XSS) Reflected endpoint /admin/pages/[page], parameter data[header][title]

grav-plugin-admin is the admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.10.49.5, the application fails to properly validate and sanitize user input in the dataheadertitle parameter. As a result,...

6.2CVSS0.00256EPSS
Exploits0References2
CVE
CVE
added 2026/05/11 3:52 p.m.16 views

CVE-2026-44737

Grav grav-plugin-admin is affected by a XSS in the /admin/pages/[page] endpoint, via data[header][title], reported before upgrading to 1.10.49.5. The vulnerability arises from improper validation/sanitization of the data[header][title] parameter, leading to an injected script being reflected in t...

6.2CVSS5.8AI score0.00256EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/11 3:52 p.m.7 views

CVE-2026-44737

grav-plugin-admin is the admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.10.49.5, the application fails to properly validate and sanitize user input in the dataheadertitle parameter. As a result,...

6.2CVSS5.8AI score0.00256EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.9 views

Grav-Plugin-Admin 跨站脚本漏洞

Grav-Plugin-Admin is an administrative plugin developed by Grav, an open-source project. It is used to configure Grav pages. Versions of Grav-Plugin-Admin prior to 1.10.49.5 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper validation and cleaning of the...

6.2CVSS5.6AI score0.00256EPSS
Exploits0References1
Rows per page
Query Builder