Cross-site Scripting (XSS)

2022-04-2704:05:05

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

21.6%

JSON

getgrav/grav is vulnerable to cross site scripting. The vulnerability exists due to lack of sanitization of regular expression in the detectXss function allowing an attacker to inject maliciously crafted script via the browser in onX events.

CPENameOperatorVersion
getgrav/gravle1.7.32
getgrav/gravle1.7.32

CPE	Name	Operator	Version
	getgrav/grav	le	1.7.32
	getgrav/grav	le	1.7.32

References

github.com/getgrav/grav/commit/1c0ed43afa5dc14169e6aa693b38e1a2f7aecad9

huntr.dev/bounties/b6016e95-9f48-4945-89cb-199b6e072218

0.001 Low

EPSS

Percentile

21.6%

JSON

Related for VERACODE:35264