Lucene search
K
GetgravGrav-plugin-admin

9 matches found

CVE
CVE
added 2021/04/07 6:20 p.m.170 views

CVE-2021-21425

GravCMS (Grav Admin Plugin)

9.8CVSS9.4AI score0.80467EPSS
Web
CVE
CVE
added 2021/11/19 12:15 p.m.57 views

CVE-2021-3920

The CVE-2021-3920 entry concerns grav-plugin-admin for Grav CMS. The vulnerability is Improper Neutralization of Input During Web Page Generation (Cross-Site Scripting). The issue is a stored XSS in getgrav/grav-plugin-admin per the CVE record. Affected component: grav-plugin-admin plugin; root c...

5.4CVSS5AI score0.0133EPSS
CVE
CVE
added 2021/09/27 12:25 p.m.51 views

CVE-2021-3799

CVE-2021-3799 relates to grav-plugin-admin, where the vulnerability arises from improper restriction of rendered UI layers or frames. The connected documents consistently describe an admin UI access-control/UI-layer restriction flaw that can enable clickjacking due to missing frame protection hea...

5.8CVSS5.4AI score0.01547EPSS
CVE
CVE
added 2025/12/01 10:0 p.m.20 views

CVE-2025-66308

Grav Admin Plugin stored-XSS CVE-2025-66308 affects the Grav admin UI via POST /admin/config/site, specifically data[taxonomies]. The vulnerability stores malicious input on the server which later executes in a user’s browser when configuring sites, creating a persistent attack vector. Root cause...

6.8CVSS4.7AI score0.00182EPSS
Web
CVE
CVE
added 2025/12/01 10:5 p.m.20 views

CVE-2025-66311

CVE-2025-66311 refers to a Stored XSS vulnerability in Grav’s admin interface. The issue is in the "/admin/pages/[page]" endpoint where un sanitized input could be injected into data[header][metadata], data[header][taxonomy][category], and data[header][taxonomy][tag], with payloads stored in page...

6.2CVSS4.8AI score0.00182EPSS
Web
CVE
CVE
added 2025/12/01 9:53 p.m.19 views

CVE-2025-66307

CVE-2025-66307 Grav Admin Plugin describes a user enumeration and email disclosure flaw in Grav’s Admin plugin prior to version 1.11.0-beta.1. The vulnerability is triggered via the Forgot Password workflow at /admin/forgot, which leaks a valid user’s email address by returning distinct responses...

6.5CVSS5.8AI score0.00277EPSS
Web
CVE
CVE
added 2025/12/01 10:2 p.m.14 views

CVE-2025-66309

Grav admin plugin (admin/pages/[page]) is affected by a Reflected XSS in the data[header][content][items] parameter of GET /admin/pages/[page]. The issue stems from insufficient input validation/sanitization and is fixed in Grav 1.11.0-beta.1. Multiple sources describe the vulnerability and inclu...

6.2CVSS5.3AI score0.00197EPSS
Web
CVE
CVE
added 2025/12/01 10:4 p.m.14 views

CVE-2025-66310

Grav’s admin plugin suffers a Stored XSS in the /admin/pages/[page] endpoint via data[header][template] stored in page frontmatter. Impact is execution of scripts when rendering content in admin or frontend views. Fix available in Grav 1.11.0-beta.1. No exploitation details are provided beyond th...

6.2CVSS4.9AI score0.00182EPSS
Web
CVE
CVE
added 2025/12/01 10:6 p.m.13 views

CVE-2025-66312

The CVE-2025-66312 pertains to Grav Admin Plugin, where a Stored XSS vulnerability existed in the /admin/accounts/groups/Grupo endpoint via the data[readableName] field. The issue allowed injected scripts to be stored on the server and executed when affected pages load. It affects Grav’s admin in...

6.2CVSS4.8AI score0.00182EPSS
Web