EPSS percentile: 21.4%
getgrav/grav is vulnerable to stored cross-site scripting (XSS). Uploaded SVG files are stored without being checked or sanitized for embedded script content, so an attacker who can upload an SVG can inject arbitrary JavaScript that executes in the browser of any user who later views the stored file.
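The missing check described above, as an added example that is not Grav's code and does not reproduce the linked commit (Grav itself is PHP; this Python is an illustration of what an upload-time SVG check has to look for). It parses the uploaded bytes as XML and rejects the file if it contains script elements, `on*` event-handler attributes, active-content containers such as `foreignObject`, or URL-bearing attributes whose scheme is `javascript:`, `vbscript:` or `data:` after the whitespace and control characters that browsers ignore are stripped. Function names, the sample SVG documents and the forbidden-element list are assumptions of this example, not part of the advisory.

```python
"""Reject SVG uploads that can execute JavaScript, before they are stored."""
import xml.etree.ElementTree as ET

# Elements that run script or embed another document (assumed conservative list).
FORBIDDEN_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object"}
# Attributes whose value is a URL; also covers SMIL animation of href.
URL_ATTRIBUTES = {"href", "src", "to", "from", "values"}
# URL schemes that yield script execution or a wrapped document.
FORBIDDEN_SCHEMES = {"javascript", "vbscript", "data"}


def _local(qname: str) -> str:
    """Strip the '{namespace}' prefix ElementTree puts on tag/attribute names."""
    return qname.split("}", 1)[1] if qname.startswith("{") else qname


def _scheme(value: str) -> str:
    """Scheme of a URL value, ignoring whitespace/control chars like a browser does."""
    cleaned = "".join(ch for ch in value if ch > " ").lower()
    return cleaned.split(":", 1)[0] if ":" in cleaned else ""


def svg_findings(data: bytes) -> list[str]:
    """Return the reasons an SVG upload would be rejected; empty means clean.

    In production parse with defusedxml (or disable DTDs) so that entity
    expansion attacks are blocked as well; stdlib ElementTree is used here
    only to keep the example self-contained.
    """
    findings: list[str] = []
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]

    if _local(root.tag).lower() != "svg":
        findings.append(f"root element is <{_local(root.tag)}>, not <svg>")

    for elem in root.iter():
        tag = _local(elem.tag)
        if tag.lower() in FORBIDDEN_ELEMENTS:
            findings.append(f"forbidden element <{tag}>")
        for attr, value in elem.attrib.items():
            name = _local(attr).lower()
            if name.startswith("on"):
                findings.append(f"event handler attribute {name} on <{tag}>")
            elif name in URL_ATTRIBUTES and _scheme(value) in FORBIDDEN_SCHEMES:
                findings.append(f"{name} with {_scheme(value)}: URL on <{tag}>")
    return findings


def is_safe_svg(data: bytes) -> bool:
    """True only when the upload can be stored and served as an image."""
    return not svg_findings(data)


# Constructed samples (not taken from the advisory or the bounty report).
MALICIOUS_SVG = (
    b'<svg xmlns="http://www.w3.org/2000/svg" '
    b'xmlns:xlink="http://www.w3.org/1999/xlink" onload="alert(1)">'
    b"<script>alert(document.domain)</script>"
    b'<a xlink:href="javascript:alert(1)"><text>click</text></a></svg>'
)
OBFUSCATED_SVG = (
    b'<svg xmlns="http://www.w3.org/2000/svg">'
    b'<a href="java\tscript:alert(1)"><text>x</text></a></svg>'
)
BENIGN_SVG = (
    b'<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">'
    b'<circle id="c" cx="5" cy="5" r="4" fill="#0a0"/><use href="#c"/></svg>'
)

if __name__ == "__main__":
    for label, blob in (("malicious", MALICIOUS_SVG),
                        ("obfuscated", OBFUSCATED_SVG),
                        ("benign", BENIGN_SVG)):
        print(label, "->", svg_findings(blob) or "OK")
```

The check runs on the file content, not on the extension or the client-supplied MIME type, because an attacker controls both. Serving stored SVGs with `Content-Disposition: attachment` or from a separate origin is a complementary defence if inline display is not required.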
github.com/advisories/GHSA-r6hh-5g3q-wwgc
github.com/getgrav/grav/commit/f19297d5f70476e7bedae9f2acef6b43615538b8
huntr.dev/bounties/dd436c44-cbf4-48ac-8817-3a24872534ec