Grav Security Vulnerabilities and Issues — Grav CVE List

Lucene search

GetgravGrav

5 matches found

CVE•added 2020/04/04 7:15 p.m.•101 views

CVE-2020-11529

Common/Grav.php in Grav before 1.7 has an Open Redirect. This is partially fixed in 1.6.23 and still present in 1.6.x.

6.1CVSS6.1AI score0.68647EPSS

CVE•added 2021/09/27 1:15 p.m.•74 views

CVE-2021-3818

grav is vulnerable to Reliance on Cookies without Validation and Integrity Checking

6.3CVSS5.4AI score0.00366EPSS

CVE•added 2021/10/27 10:15 p.m.•65 views

CVE-2021-3904

grav is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

6.3CVSS5.5AI score0.00169EPSS

CVE•added 2025/01/06 7:15 p.m.•43 views

CVE-2024-35498

A cross-site scripting (XSS) vulnerability in Grav v1.7.45 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

6.1CVSS5.8AI score0.00012EPSS

CVE•added 2023/06/14 11:15 p.m.•40 views

CVE-2023-34452

Grav is a flat-file content management system. In versions 1.7.42 and prior, the "/forgot_password" page has a self-reflected cross-site scripting vulnerability that can be exploited by injecting a script into the "email" parameter of the request. While this vulnerability can potentially allow an a...

6.1CVSS6AI score0.008EPSS