getgrav/grav is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists due to insufficient input validation in the `detectXss` function in the `Security.php` file, which allows remote attackers to inject and execute arbitrary JavaScript code in the victim's browser.

| CPE | Name | Operator | Version |
|---|---|---|---|
| | getgrav/grav | le | 1.7.30 |