Описание
Cross-site Scripting in grav
In grav prior to version 1.7.28, a low privilege user can create a page with arbitrary javascript by bypassing insufficent XSS filtering.
Пакеты
Наименование
getgrav/grav
composer
Затронутые версииВерсия исправления
< 1.7.28
1.7.28
Связанные уязвимости
CVSS3: 5.4
nvd
около 4 лет назад
Cross-site Scripting (XSS) - Stored in Packagist getgrav/grav prior to 1.7.28.