Количество 2
Количество 2
CVE-2025-66468
The Aimeos GrapesJS CMS extension provides page editor for creating content pages based on extensible components. Prior to 2021.10.8, 2022.10.8, 2023.10.8, 2024.10.8, and 2025.10.8, Javascript code can be injected by malicious editors for a stored XSS attack if the standard Content Security Policy is disabled. This vulnerability is fixed in 2021.10.8, 2022.10.8, 2023.10.8, 2024.10.8, and 2025.10.8.
GHSA-424m-fj2q-g7vg
Aimeos GrapesJS CMS extension has possible stored XSS that's exploitable by authenticated editors
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-66468 The Aimeos GrapesJS CMS extension provides page editor for creating content pages based on extensible components. Prior to 2021.10.8, 2022.10.8, 2023.10.8, 2024.10.8, and 2025.10.8, Javascript code can be injected by malicious editors for a stored XSS attack if the standard Content Security Policy is disabled. This vulnerability is fixed in 2021.10.8, 2022.10.8, 2023.10.8, 2024.10.8, and 2025.10.8. | CVSS3: 7.6 | 0% Низкий | 2 месяца назад |
| GHSA-424m-fj2q-g7vg Aimeos GrapesJS CMS extension has possible stored XSS that's exploitable by authenticated editors | CVSS3: 7.6 | 0% Низкий | 2 месяца назад |
Уязвимостей на страницу