Описание
Grav CMS is vulnerable to Cross Site Scripting (XSS) in the page editor
Grav CMS 1.7.49 is vulnerable to Cross Site Scripting (XSS). The page editor allows authenticated users to edit page content via a Markdown editor. The editor fails to properly sanitize
Пакеты
Наименование
getgrav/grav
composer
Затронутые версииВерсия исправления
<= 1.7.49
Отсутствует
Связанные уязвимости
CVSS3: 6.1
nvd
2 месяца назад
Grav CMS 1.7.49 is vulnerable to Cross Site Scripting (XSS). The page editor allows authenticated users to edit page content via a Markdown editor. The editor fails to properly sanitize <script> tags, allowing stored XSS payloads to execute when pages are viewed in the admin interface.