getgrav/grav is vulnerable to cross-site scripting (XSS). The vulnerability exists due to insufficient sanitization by the regular expression in the detectXss function, which allows an attacker to inject maliciously crafted script via the browser in onX events.
CPE | Name | Operator | Version |
---|---|---|---|
getgrav/grav | le | 1.7.32 | |