Описание
Grav CMS Cross-site scripting (XSS) vulnerability
Cross-site scripting (XSS) vulnerability in system/src/Grav/Common/Twig/Twig.php in Grav CMS before 1.3.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/tools.
Пакеты
Наименование
getgrav/grav
composer
Затронутые версииВерсия исправления
< 1.3.0
1.3.0
Связанные уязвимости
CVSS3: 6.1
nvd
почти 8 лет назад
Cross-site scripting (XSS) vulnerability in system/src/Grav/Common/Twig/Twig.php in Grav CMS before 1.3.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/tools.