Lucene search
Veracode Vulnerability DatabaseVERACODE:34710HistoryMar 16, 2022 - 5:55 a.m.
Cross-Site Scripting (XSS)
2022-03-1605:55:46
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
13
getgrav/grav
cross-site scripting
xss
stored
vulnerability
svg
uploads
javascript
EPSS
0.001
Percentile
21.4%
getgrav/grav is vulnerable to stored cross-site scripting. The vulnerability exists due to lack of xss validations for uploaded SVG files before they get stored which allows an attacker to inject and execute arbitrary javascript.
Related
github
github
Stored Cross-site Scripting in grav
2022-03-16 00:00:45
osv
osv
Stored Cross-site Scripting in grav
2022-03-16 00:00:45
CVE-2022-0970
2022-03-15 17:15:08
huntr
huntr
Cross-site Scripting (XSS) - Stored
2022-03-01 09:35:14
nvd
nvd
CVE-2022-0970
2022-03-15 17:15:08
cnvd
cnvd
Grav Cross-Site Scripting Vulnerability (CNVD-2022-20517)
2022-03-17 00:00:00
prion
prion
Cross site scripting
2022-03-15 17:15:00
cvelist
cvelist
CVE-2022-0970 Cross-site Scripting (XSS) - Stored in getgrav/grav
2022-03-15 16:40:10
cve
cve
CVE-2022-0970
2022-03-15 17:15:08