getgrav/grav is vulnerable to cross-site scripting (XSS) attacks. Insufficient checks in detectXss
allow remote attackers to inject and execute arbitrary javascript code in the victim’s browser.
CPE | Name | Operator | Version |
---|---|---|---|
getgrav/grav | le | 1.7.27.1 | |
getgrav/grav | le | 1.7.27.1 |